[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"doc-detail-31833":3,"doc-seo-31833":27},{"code":4,"msg":5,"data":6},0,"success",{"doc_id":7,"user_id":8,"nickname":9,"user_avatar":10,"doc_module":4,"category_id":11,"category_name":12,"doc_title":13,"doc_description":14,"file_id":15,"file_url":16,"file_type":17,"file_size":18,"view_count":4,"is_deleted":4,"is_public":19,"is_downloadable":19,"audit_status":19,"page_count":20,"language":21,"language_code":22,"table_of_contents":23,"faqs":24,"seo_title":13,"seo_description":14,"update_tm":25,"read_time":26},31833,8796095462418,"Noah","https://ap-avatar.wpscdn.com/avatar/80000253c1241d02b47?x-image-process=image/resize,m_fixed,w_180,h_180&k=1778826106357471780",8,"Research & Report","Prompt Infection: LLM-to-LLM Prompt Injection within Multi-Agent Systems","Large Language Models increasingly power multi-agent systems, yet safety research has mostly examined prompt injection in single-agent settings. This work reveals a more dangerous vector: LLM-to-LLM prompt injection in which a malicious prompt self-replicates across interconnected agents. The resulting Prompt Infection attack enables silent propagation and system-wide harm, including data theft, scams, misinformation, and operational disruption. Extensive experiments show high susceptibility even without full public communication sharing, and a combined defense using LLM Tagging to mitigate spread.","cbCaiuREx1u1E6Tz","https://ap.wps.com/l/cbCaiuREx1u1E6Tz","pdf",3617894,1,14,"English","en","# Introduction\n## Prompt injection and single-agent limitations\n## Multi-agent systems and emerging security risks\n## Prompt Infection attack: LLM-to-LLM propagation\n## Empirical findings on susceptibility and model impact\n## Defense: LLM Tagging and combined safeguards","[{\"question\":\"What is Prompt Infection in multi-agent LLM systems?\",\"answer\":\"Prompt Infection is an LLM-to-LLM prompt injection attack where a compromised agent spreads a malicious prompt that self-replicates across interconnected agents. The infection can coordinate actions that lead to system-wide compromise.\"},{\"question\":\"How does the attack enable serious harms?\",\"answer\":\"The paper describes threats such as data theft, scams, misinformation, and disruption of operations. The propagation can occur silently through the system as agents exchange instructions and data.\"},{\"question\":\"How does LLM Tagging help defend against the infection?\",\"answer\":\"LLM Tagging appends a marker to agent responses so downstream agents can distinguish user inputs from agent-generated outputs. The paper notes that LLM Tagging alone is insufficient, but combined with existing safeguards it significantly mitigates spread.\"}]",1780261325,35,{"code":4,"msg":28,"data":29},"ok",{"site_id":30,"language":22,"slug":31,"title":13,"keywords":32,"description":14,"schema_data":33,"social_meta":84,"head_meta":86,"extra_data":88,"updated_unix":25},105,"prompt-infection-llm-to-llm-prompt-injection-within-multi-agent-systems","",{"@graph":34,"@context":83},[35,52,66],{"@type":36,"itemListElement":37},"BreadcrumbList",[38,42,46,49],{"item":39,"name":40,"@type":41,"position":19},"https://docshare.wps.com","Home","ListItem",{"item":43,"name":44,"@type":41,"position":45},"https://docshare.wps.com/document/","Document",2,{"item":47,"name":12,"@type":41,"position":48},"https://docshare.wps.com/document/research-report/",3,{"item":50,"name":13,"@type":41,"position":51},"https://docshare.wps.com/document/prompt-infection-llm-to-llm-prompt-injection-within-multi-agent-systems/31833/",4,{"url":50,"name":13,"@type":53,"author":54,"headline":13,"publisher":56,"fileFormat":59,"description":14,"dateModified":60,"datePublished":60,"encodingFormat":59,"isAccessibleForFree":61,"interactionStatistic":62},"DigitalDocument",{"name":9,"@type":55},"Person",{"url":39,"name":57,"@type":58},"DocShare","Organization","application/pdf","2026-05-31",true,{"@type":63,"interactionType":64,"userInteractionCount":4},"InteractionCounter",{"@type":65},"ViewAction",{"@type":67,"mainEntity":68},"FAQPage",[69,75,79],{"name":70,"@type":71,"acceptedAnswer":72},"What is Prompt Infection in multi-agent LLM systems?","Question",{"text":73,"@type":74},"Prompt Infection is an LLM-to-LLM prompt injection attack where a compromised agent spreads a malicious prompt that self-replicates across interconnected agents. The infection can coordinate actions that lead to system-wide compromise.","Answer",{"name":76,"@type":71,"acceptedAnswer":77},"How does the attack enable serious harms?",{"text":78,"@type":74},"The paper describes threats such as data theft, scams, misinformation, and disruption of operations. The propagation can occur silently through the system as agents exchange instructions and data.",{"name":80,"@type":71,"acceptedAnswer":81},"How does LLM Tagging help defend against the infection?",{"text":82,"@type":74},"LLM Tagging appends a marker to agent responses so downstream agents can distinguish user inputs from agent-generated outputs. The paper notes that LLM Tagging alone is insufficient, but combined with existing safeguards it significantly mitigates spread.","https://schema.org",{"og:url":50,"og:type":85,"og:title":13,"og:site_name":57,"og:description":14},"article",{"robots":87,"canonical":50},"index,follow",{"doc_id":7,"site_id":30}]