06·Scenario: conduct indirect injection on a tool-calling agent — identify three vectors

Introduction

This lesson takes the format of a case study and threat modelling — instead of definitions, you practise identifying attack vectors, risk assessment, and designing mitigations for a specific production agent. The analysed agent: "B2B Sales Assistant" with access to: email (read/send), CRM (read/write), calendar (read/write), web search, and file upload. For each of the three IPI vectors you will analyse the attack anatomy, impact, and recommended mitigations in accordance with OWASP LLM Top 10 (2023) and NIST AI RMF (2023).