Skills
The Lethal Trifecta: Auditing Agentic Systems for Prompt Injection Blast Radius
Simon Willison's Lethal Trifecta defines the three conditions that make an indirect prompt injection critical: private data access + exposure to untrusted content + an exfiltration vector. When all three coexist, a malicious instruction embedded in a processed document (email, PDF, web page, MCP tool description) can silently exfiltrate private context or execute unauthorized tool actions. The Clinejection attack (March 2026) confirmed the real-world threat: a prompt injection in a GitHub issue title compromised Cline's production releases.
↳ Follow the thread