Similar to code injection, attackers are able to inject HTML so that your LLM will run run that HTML. This detector checks for HTML and embeded scripts on input to ensure they are not being fed into the LLM instructions

Example

An example is an attacker asking the LLM to run a script to render a popup that looks like a login window. In reality that window is attacker-controlled. When this shows up within the trusted interface of your LLM application, your customer security will be compromised.

Threat

Any ability for attackers to get your LLM application to run HTML introduces a world of adverse possibilities. If your LLM application is not intended to take scripts as input, we highly recommend keeping this detector on.