UUID-based prompt injection protection for shell command output in LLM agents
LLM agents that execute shell commands are vulnerable to prompt injection via command output. An attacker controlling API responses, log files, or any external data can embed fake closing markers and instructions that the model may follow.
| #!/usr/bin/env python3 | |
| # Author: John McEleney | |
| # The main purpose of this script is to enable netmode4 on Xiaomi RB01 routers. | |
| # To do this the script poses as a mesh slave, which causes the mesh master to enable netmode4. | |
| # It does this by blindly sending HEX strings captured from an actual mesh negotiation between | |
| # two RB01 routers. | |
| # Enabling netmode is needed as one step in unlocking the router and flashing OpenWrt. | |
| # The router should already have been taken through basic set-up before running this script. | |
| # |
| import ssl | |
| import socket | |
| # This script simply replays one side of an intercepted conversation between two Xiaomi | |
| # RB01 (International) AX3200 routers negotiating meshing. | |
| # In effect the script poses as a mesh slave, which causes the mesh master to enable netmode4. | |
| # Enabling netmode is needed as one step in unlocking the router and flashing OpenWrt. | |
| # The router should already have been taken through basic set-up before running this script. | |
| # Netmode4 can be confirmed with curl by requesting the following URL, where ${token} is the "stok" | |
| # variable from your admin session: |