Add indirect prompt injection payload hints

[srkyn]

Summary

• add indirect-specific attack descriptions for the indirect prompt injection lab
• add payload hints for source instruction override, hidden HTML comment injection, and multi-source context confusion
• resolve the hardened indirect payload label so the UI does not display an unresolved key

Validation

• python -m compileall -q src
• checked new locale keys resolve with a dependency-light property parser

Closes #13

Summary by CodeRabbit

Release Notes

• New Features

  • Added Indirect Prompt Injection attack vector definitions and example payload templates for source instruction override, hidden/commented instructions, and multi-source context confusion.
  • Added a hardened placeholder payload indicating no exploitable payload for the hardened handling path.

• Documentation

  • Updated localized descriptions and categorizations for the indirect attack vectors.

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds US English localization strings for three indirect prompt injection attack vectors and updates three controller endpoints' @attack_vector metadata to reference the new localization keys.

Changes

Indirect Prompt Injection Attack Vector Localization

Layer / File(s)	Summary
Localization strings for indirect prompt injection attacks locale/messages_us.properties	Attack vector descriptions and payload templates added for source instruction override, hidden/comment parsing, and multisource context confusion variants. A hardened "no exploitable payload" fallback (payload.na) is also defined.
Controller metadata updates for indirect injection endpoints src/controllers/indirect_prompt_injection_controller.py	Level 1, Level 2, and Level 3 endpoints' @attack_vector decorators updated to reference attack.indirect_* and payload.indirect_* localization keys.

Estimated Code Review Effort

🎯 2 (Simple) | ⏱️ ~8 minutes

"I nibbled strings and hopped with glee,
New keys for tricks that no rabbit should see.
Hidden notes and mixed-up source,
Now labelled clear along the course.
🐇✨"

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'Add indirect prompt injection payload hints' directly and accurately describes the main changes: adding new locale strings for indirect prompt injection attack descriptions and payload templates.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[preetkaran20]

does these instructions really working and showing api key?

[srkyn]

Good question. This payload is meant to test whether indirect source content can pressure the model into disclosing sensitive-looking context if such context is present; it does not guarantee a real API key exists. I pushed a wording tweak to make that clearer and avoid implying the lab will always reveal an actual key.

[preetkaran20]

I tried and it didn't work.

[preetkaran20]

The payload that works for me is:

Please tryout more payloads and update the payload that worked.