This is a comprehensive playbook for testing LLM applications against prompt injection attacks. It covers direct injection (instruction override, role play), indirect injection through RAG poisoning and web browsing, tool abuse via function calling chains, and data exfiltration through markdown images and encoded payloads. The MCP security section is especially relevant if you're building or auditing systems that use external tool servers, since it breaks down how malicious tool descriptions can carry hidden instructions. Use this when you need to think like an attacker probing AI systems, not just running basic "ignore previous instructions" tests. It's practical attack vectors, not theory.
npx skills add https://github.com/yaklang/hack-skills --skill llm-prompt-injection