Skip to content

docs: add prompt injection threat model#105

Open
AKilalours wants to merge 1 commit into
anthropics:mainfrom
AKilalours:docs/prompt-injection-threat-model
Open

docs: add prompt injection threat model#105
AKilalours wants to merge 1 commit into
anthropics:mainfrom
AKilalours:docs/prompt-injection-threat-model

Conversation

@AKilalours

Copy link
Copy Markdown

Summary

This PR adds a prompt injection threat model for AI-assisted security review workflows.

Why

The README already notes that this action is not hardened against prompt injection attacks and recommends workflow approval for untrusted PRs. This documentation expands that guidance with concrete attack scenarios, risk areas, and maintainer mitigations.

Changes

  • Added docs/prompt_injection_threat_model.md
  • Documented prompt injection risks in Markdown, code comments, configuration files, and false-positive filtering
  • Added defensive review guidance for treating repository content as untrusted input
  • Added a maintainer checklist for safer security-review workflow usage
  • Linked the new threat model from the README security considerations section

Testing

  • Documentation-only change
  • Checked Markdown formatting locally

@AKilalours
AKilalours force-pushed the docs/prompt-injection-threat-model branch from 2ba3028 to 49fa14d Compare May 11, 2026 00:49
@AKilalours

Copy link
Copy Markdown
Author

Hi maintainers,

I opened this as a small documentation contribution to expand the existing prompt injection warning into a concrete threat model for AI-assisted security review workflows.

Happy to revise the wording, file location, or scope if you prefer a different structure.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant