Overview
YAML vector schema, categories, and detection model.
Catalog Layout
Add vectors under vectors/<category>/<subcategory>/<vector-file>.yaml.
Current Prompt-Injection Categories
- Direct: 9 vectors
- Indirect: 6 vectors
- Multi-turn: 5 vectors
Schema Model
Each vector defines metadata, payloads, detection indicators, optional remediation guidance, and optional OWASP mapping and tags.
yaml
id: "pi-direct-021" # required, non-empty stringname: "System Prompt Reveal" # required, non-empty stringdescription: "..." # required, non-empty stringcategory: "prompt-injection" # required, non-empty stringsubcategory: "direct" # required, non-empty stringseverity: "critical" # required: critical | high | medium | low | infotier: "free" # optional: free | proowasp_mapping: "LLM01" # optional stringtags: ["prompt-injection"] # optional string listpayloads: # required, at least 1 item - name: "Primary payload" # required, non-empty string prompt: "..." # required, non-empty stringdetection: # required object indicators: # required, at least 1 item - type: "contains_any" # required: contains_any | regex_any | refusal_absent | behavior_change values: ["system prompt"] # required and non-empty for contains_any/regex_any description: "..." # optional string weight: 0.9 # required float in range 0.0..1.0 threshold: 0.6 # required float in range 0.0..1.0remediation: # optional object summary: "..." # required if remediation is present steps: # optional string list - "..." references: # optional string list - "https://..."How Detection Works
detection.indicatorsis required and must include at least one indicator.- Indicator
typevalues:contains_any,regex_any,refusal_absent,behavior_change. indicator.weightmust be in the range0.0..1.0.detection.thresholdmust be in the range0.0..1.0.indicator.valuesis required forcontains_anyandregex_any.