方寸 Portal

AI Engineer Portal

Your personal operating system for career transition.

Private mode

Exercise

Add prompt injection detection

Add Prompt Injection Detection

Prompt injection is the LLM equivalent of SQL injection. Malicious users craft input that attempts to override your system prompt, change the model's behavior, or extract information the model should not reveal. Unlike SQL injection, there is no parameterized query equivalent — you must detect and handle injection attempts at the application layer.

What you are building

Build an InjectionDetector class that:

  1. Maintains a set of detection rules, each with a name, a regex pattern, and a severity level (low, medium, high)
  2. Implements a check(user_input: str) -> DetectionResult method that runs all rules against the input
  3. Returns a DetectionResult with: whether it is safe, a list of triggered rules with their names and severity, and a sanitized version of the input (suspicious segments replaced with [FILTERED])
  4. Is configurable: rules can be added at runtime, and the blocking threshold (minimum severity to block) can be set in the constructor
  5. Includes at least 6 built-in rules covering common injection patterns

Built-in rules to implement

  • override_instructions: "ignore|disregard|forget" followed by "instructions|prompt|rules" (high)
  • role_change: "you are now|act as|pretend to be|roleplay as" (high)
  • jailbreak_attempt: "DAN|jailbreak|developer mode|unrestricted mode" (high)
  • indirect_injection: "system:" or "assistant:" at the start of a line (medium)
  • excessive_length: input longer than 5000 characters (low)
  • repeated_chars: a single character repeated 50+ times (low)

Why this matters

Input guardrails are your first line of defense for any LLM feature exposed to users. They do not catch every attack — a determined adversary can craft injections that evade pattern matching — but they block the vast majority of naive attempts and force attackers to be more creative, which raises the cost of attack.

Llm Foundations / medium / Step 5 of 6

Practice stage

General drill

Hint

Keep the solution explicit and reviewable.

Success criteria

Make the solution explicit, debuggable, and easy to explain.

Review checklist

Review where the boundary is, what gets validated, and what would be hard to debug later.

Practice

Generate a variation

Generate a new exercise variation to deepen understanding or practice a related concept.

Attempt history

Recent submissions

Before you submit, decide what a strong answer should make obvious to the reviewer.

No attempts yet.