Spot the Injection

Module 9, Lesson 9.2 — five staged agent-context snippets. For each, name the surface, locate the injection, pick the primary defense, and name the bad outcome. Target: 4 of 5 at 3/4 or better.
The rule for this drill. Not every scenario contains an injection. Some do. Your job is to tell the difference. Injections do not come with warning labels; a well-written injection in the middle of a legitimate-looking artifact looks like the rest of the artifact. Read every sentence as if it might be addressed to the agent.

How the drill works

  1. Each scenario is one agent context — a snippet of text the agent read from somewhere. Your job is to act as the trust-boundary reviewer.
  2. For each scenario you answer four questions — 1 point each:
    • Surface. Which of the four surfaces is the injection riding on? Web page / email body / pipeline artifact / MCP response — or no injection present.
    • Location. Click the specific sentence / paragraph / entry / field carrying the injection. (If no injection, use the "no injection present" checkbox instead.)
    • Defense. Pick the primary defense this boundary needs: segregation / refusal / containment. (Or N/A for the clean scenario.)
    • Bad outcome. Name what would happen if the agent followed the injected instructions. Pick from the four options or write your own.
  3. Click "Score this scenario" and read the per-field feedback. Then advance to the next. After five, you get a summary.
Passing bar. 3 out of 4 per scenario is a pass; 4 out of 4 is perfect. The Module 9 target is 4 of 5 scenarios at 3/4 or better on first pass. Below that target, re-read Lesson 9.2 Content Blocks 2 through 4 and redo the drill.