Prompt Injection Detection for LLM & Agent Apps
Prompt injection detection is the practice of finding places in an LLM application where untrusted text can override the system's instructions. It covers direct injection (malicious user input), indirect injection (payloads hidden in retrieved documents or tool output), jailbreaks, and system-prompt leakage. MEDUSA scans code for these with 800+ prompt-injection rules.
What is prompt injection?
Prompt injection is the LLM equivalent of an injection vulnerability: because a language model can't reliably tell instructions apart from data, any untrusted text that reaches the prompt can hijack the model's behaviour. It sits at the top of the OWASP Top 10 for LLM Applications for good reason — it is the root cause behind data exfiltration, unauthorized tool calls, and agent takeover.
Types of prompt injection to detect
Direct prompt injection
The attacker types the payload straight into the app ("ignore your previous instructions and…"). Detection means finding where user input is concatenated into a prompt without isolation, guarding, or output constraints.
Indirect prompt injection
The more dangerous variant: the payload is planted in content the model will later read — a web page, a PDF, a support ticket, a RAG document, or the output of another tool. The user never types anything malicious, yet the agent obeys the injected instruction. Detecting indirect injection means tracing every untrusted source that flows into the model's context.
Jailbreaks & system-prompt leakage
Jailbreaks use role-play, encoding, or multi-step framing to bypass safety instructions. System-prompt leakage tricks the model into revealing its hidden instructions — often the first step in crafting a reliable jailbreak. Both leave detectable patterns in how prompts are built and how model output is handled.
How MEDUSA detects prompt injection
MEDUSA is an AI-first security scanner with 800+ prompt-injection rules — covering direct and indirect injection, jailbreaks, system-prompt leakage, and long-context attacks — as part of 40,000+ total detection patterns across 79 scanners, aligned to the OWASP Top 10 for LLM Applications and MITRE ATLAS. It statically analyses your LLM and agent code with zero setup:
pip install medusa-security
medusa scan .
MEDUSA flags unguarded prompt construction, untrusted sources flowing into model context (including RAG pipelines and tool output), and missing output handling — the concrete code patterns behind an injection, not just a warning that "LLMs can be injected." Because it runs locally with no external tools or API keys, it drops straight into CI to catch injection surfaces before they ship.
Scan your LLM app for prompt injection
Free, open source (AGPL-3.0), and zero setup. Get a full prompt-injection audit in seconds.
See the full detection coverage or read the documentation. Securing MCP servers too? See MCP security.