Depth-Dependent Indirect Prompt Injection in Tool-Calling ReAct Agents: Injection Depth, Payload Framing, and Turn-Budget Sensitivity
Researchers have investigated the vulnerability of ReAct agents, which combine reasoning with tool use, to indirect prompt injection attacks. Their study found that the depth of the injection within the tool sequence significantly impacts the attack's success rate, with earlier injections being more effective. Claude Haiku demonstrated strong resistance to these attacks across all depths, while GPT-4o-mini's success rate decayed significantly with increasing injection depth. The research also indicated that the turn budget does not appear to be a major risk factor, but framing can influence success rates. AI
IMPACT Highlights a critical security flaw in current agent architectures, necessitating improved defenses for safe deployment.