Detection Library
medium · experimental · Linux · OCI · T1566

Linux Agent Ingesting Context From Downloaded Files

Detects AI agent processes reading files from download directories that may contain adversarial content designed to poison the agent's context window via indirect prompt injection.

Updated Jan 10, 2025 · OCI AI Security Team

agentic-ai · memory-poisoning · prompt-injection · indirect-injection · linux · oci · owasp-asi06

Problem Statement

Indirect prompt injection occurs when adversarial instructions are embedded in content that the agent processes: documents, web pages, emails. By detecting when agents read files from download directories, defenders can identify the likely injection vector when behavioral anomalies follow the read.

Sample Logs

{"timestamp":"2025-01-10T14:00:00Z","computer_name":"oci-worker-26","user":"agent_svc","image":"/usr/bin/python3","target_filename":"/home/agent_svc/Downloads/report_with_injection.pdf","access_type":"read"}

Required Fields

image
target_filename
user
computer_name

False Positives

  • Agents that process user-supplied documents as part of their legitimate task (document analysis, summarization)

Tuning Guidance

This detection has high false positive potential for document-processing agents. Focus on correlating file reads with subsequent anomalous agent behavior rather than alerting on reads alone.
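As an added example (not the detection library's own rule logic), the following Python implements the base rule over events shaped like the sample log above, checks the required fields, and then applies the tuning guidance by escalating only those download-directory reads that are followed by an anomaly event for the same host and user within a time window. The download-directory markers, the set of agent process images, the anomaly event source and all sample events are constructed assumptions for illustration.

```python
import json
from datetime import datetime, timedelta

# Fields the rule needs (from the page's "Required Fields" list).
REQUIRED_FIELDS = ("image", "target_filename", "user", "computer_name")

# Assumptions, not from the page: which path fragments count as a download
# directory and which process images are treated as AI-agent runtimes.
DOWNLOAD_DIR_MARKERS = ("/Downloads/", "/downloads/")
AGENT_IMAGES = {"/usr/bin/python3", "/usr/bin/python", "/usr/bin/node"}

# Constructed file-access events; the first mirrors the page's sample log.
FILE_ACCESS_LOGS = [
    '{"timestamp":"2025-01-10T14:00:00Z","computer_name":"oci-worker-26","user":"agent_svc",'
    '"image":"/usr/bin/python3","target_filename":"/home/agent_svc/Downloads/report_with_injection.pdf","access_type":"read"}',
    '{"timestamp":"2025-01-10T14:01:00Z","computer_name":"oci-worker-26","user":"agent_svc",'
    '"image":"/usr/bin/python3","target_filename":"/opt/agent/config.yaml","access_type":"read"}',
    '{"timestamp":"2025-01-10T14:02:00Z","computer_name":"oci-worker-27","user":"alice",'
    '"image":"/usr/bin/less","target_filename":"/home/alice/Downloads/notes.txt","access_type":"read"}',
    '{"timestamp":"2025-01-10T14:03:00Z","computer_name":"oci-worker-26","user":"agent_svc",'
    '"image":"/usr/bin/python3","target_filename":"/home/agent_svc/Downloads/out.txt","access_type":"write"}',
]

# Constructed anomaly events from a hypothetical separate behavioural detection.
ANOMALY_LOGS = [
    '{"timestamp":"2025-01-10T14:04:30Z","computer_name":"oci-worker-26","user":"agent_svc",'
    '"anomaly":"outbound_connection_to_new_domain"}',
    '{"timestamp":"2025-01-10T18:00:00Z","computer_name":"oci-worker-26","user":"agent_svc",'
    '"anomaly":"tool_call_outside_policy"}',
]


def parse_ts(value):
    # Accept the trailing "Z" form used in the sample log.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def parse_event(line, required=REQUIRED_FIELDS):
    """Parse one JSON event and fail loudly if a required field is absent."""
    event = json.loads(line)
    missing = [f for f in required if f not in event]
    if missing:
        raise ValueError(f"event missing required fields: {missing}")
    event["ts"] = parse_ts(event["timestamp"])
    return event


def is_download_ingest(event):
    """Base rule: an agent runtime reading a file under a download directory."""
    return (
        event.get("access_type") == "read"
        and event["image"] in AGENT_IMAGES
        and any(m in event["target_filename"] for m in DOWNLOAD_DIR_MARKERS)
    )


def detect_ingests(lines):
    """Return every file-access event that matches the base rule."""
    return [e for e in (parse_event(line) for line in lines) if is_download_ingest(e)]


def correlate(ingests, anomaly_lines, window_minutes=30):
    """Tuning step: keep only ingests followed, on the same host and user,
    by an anomaly event within window_minutes. Reads alone are not alerted."""
    window = timedelta(minutes=window_minutes)
    anomalies = [parse_event(line, ("anomaly", "user", "computer_name")) for line in anomaly_lines]
    escalated = []
    for ingest in ingests:
        followers = [
            a["anomaly"]
            for a in anomalies
            if a["computer_name"] == ingest["computer_name"]
            and a["user"] == ingest["user"]
            and ingest["ts"] <= a["ts"] <= ingest["ts"] + window
        ]
        if followers:
            escalated.append({
                "host": ingest["computer_name"],
                "user": ingest["user"],
                "file": ingest["target_filename"],
                "anomalies": followers,
            })
    return escalated


if __name__ == "__main__":
    hits = detect_ingests(FILE_ACCESS_LOGS)
    for alert in correlate(hits, ANOMALY_LOGS):
        print(json.dumps(alert))
```

Run stand-alone, the base rule matches only the PDF read (the config read is outside a download directory, the `less` read is not an agent runtime, and the fourth event is a write), and correlation escalates it because a network anomaly follows within the window; the 18:00 anomaly falls outside it and is ignored.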