Detection Library
High · Experimental · Linux · AI/ML · T1048

LLM Service Serving Prompt Files Through Web Root

Detects LLM service processes writing files whose names contain 'prompt', 'system', or 'guardrail' to web server root directories. A file placed there is served by the web server, so confidential prompt material becomes directly accessible via HTTP.

Updated Jan 15, 2025 · Detection Engineering Team

llm · system-prompt-leakage · linux · web-server · owasp-llm07

Problem Statement

Writing system prompt or guardrail files to web server root paths makes proprietary instructions publicly accessible via HTTP, enabling any user to discover safety bypass techniques and confidential system configuration.

Sample Logs

{"timestamp":"2025-01-15T21:44:18Z","computer_name":"llm-host-01","user":"llm_svc","image":"/opt/llm/app/file_exporter.py","target_filename":"/var/www/html/system_prompt_backup.txt","event_type":"file_create"}

Required Fields

image
target_filename
user
computer_name

False Positives

  • Web-based LLM management UIs that legitimately display prompt configuration via an authenticated interface

Tuning Guidance

Alert on any prompt-named file appearing in web roots. Ensure web server directory listings are disabled and confirm no unauthenticated access to these paths.
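Added example, not part of this detection library entry: a Python checker that applies the rule's logic (LLM process, web-root target, sensitive file name, required fields present) to JSON events shaped like the one under Sample Logs. The LLM process prefix list, the web-root list, and every sample line except the page's own event are assumptions to be tuned per environment.

```python
import json
import os

# Assumed (not from the rule page): how an LLM service process and a web root
# are recognised in this environment; tune both lists before deployment.
LLM_IMAGE_PREFIXES = ("/opt/llm/",)
WEB_ROOTS = ("/var/www/", "/usr/share/nginx/html/", "/srv/www/")
SENSITIVE_TOKENS = ("prompt", "system", "guardrail")

def in_web_root(path: str) -> bool:
    """Normalise first so '/var/www/html/../../etc/x' is not counted as a web-root write."""
    norm = os.path.normpath(path)
    return any(norm.startswith(root) for root in WEB_ROOTS)

def has_sensitive_name(path: str) -> bool:
    """Match the rule's keywords against the file name only, case-insensitively."""
    name = os.path.basename(path).lower()
    return any(tok in name for tok in SENSITIVE_TOKENS)

def matches_rule(event: dict) -> bool:
    """All four required fields must be present; an event missing any of them never matches."""
    if event.get("event_type") != "file_create":
        return False
    image, target = event.get("image"), event.get("target_filename")
    if not image or not target or not event.get("user") or not event.get("computer_name"):
        return False
    return image.startswith(LLM_IMAGE_PREFIXES) and in_web_root(target) and has_sensitive_name(target)

def detect(lines: list) -> list:
    """Return (computer_name, user, target_filename) for each JSON line that matches the rule."""
    hits = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # unparseable telemetry is skipped, not alerted on
        if matches_rule(event):
            hits.append((event["computer_name"], event["user"], event["target_filename"]))
    return hits

# Constructed sample telemetry: the page's own event, then benign and edge-case lines.
SAMPLE_LOGS = [
    '{"timestamp":"2025-01-15T21:44:18Z","computer_name":"llm-host-01","user":"llm_svc","image":"/opt/llm/app/file_exporter.py","target_filename":"/var/www/html/system_prompt_backup.txt","event_type":"file_create"}',
    '{"timestamp":"2025-01-15T21:45:02Z","computer_name":"llm-host-01","user":"llm_svc","image":"/opt/llm/app/file_exporter.py","target_filename":"/opt/llm/data/system_prompt.txt","event_type":"file_create"}',
    '{"timestamp":"2025-01-15T21:45:30Z","computer_name":"llm-host-01","user":"www-data","image":"/usr/sbin/nginx","target_filename":"/var/www/html/index.html","event_type":"file_create"}',
    '{"timestamp":"2025-01-15T21:46:11Z","computer_name":"llm-host-02","user":"llm_svc","image":"/opt/llm/app/exporter","target_filename":"/srv/www/site/GUARDRAIL_rules.json","event_type":"file_create"}',
    '{"timestamp":"2025-01-15T21:46:40Z","computer_name":"llm-host-02","user":"llm_svc","image":"/opt/llm/app/exporter","target_filename":"/var/www/html/../../../etc/guardrail.txt","event_type":"file_create"}',
    'not json at all',
]
```

Running `detect(SAMPLE_LOGS)` yields the first and fourth events only: the in-tree prompt file, the nginx write of index.html, the traversal path that resolves outside the web root, and the malformed line are all ignored.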