Research library
ZAN-RN-013Concept noteResearch question

Prompt injection and excessive agency test protocol

A concept note for turning the security testing approach in ZAN-RN-006 into a reusable protocol that can run against any tool-using agent, not just the reference implementation.

prompt injectionexcessive agencysecurity protocolOWASP
Technical uncertainty

Whether a framework-agnostic fixture format can drive consistent attack-success-rate and unsafe-tool-call-rate scoring across agents built on different orchestration stacks.

Expected evidence
  • Portable fixture schema
  • Normalised permission-scope mapping
  • Cross-framework comparison protocol
Next experiment

Run the ZAN-RN-006 fixture set against two structurally different agent frameworks and test whether normalised scoring produces comparable, explainable results.

Hypothesis

A portable fixture schema, covering direct injection, indirect injection, tool misuse, and excessive agency, can produce comparable security scores across agent frameworks if tool permission scopes are normalised before scoring.

Scope

From a single reference agent to a portable protocol

ZAN-RN-006 demonstrated the threat taxonomy and fixture format against one reference agent. This note scopes the work needed to make the protocol reusable across agent frameworks with different tool-calling and permission models.

References

Related research