Skip to main content
COMPEL Body of Knowledge
Get Certified Platform

COMPEL Glossary / indirect-prompt-injection

Indirect prompt injection

Prompt injection delivered through content the model retrieves or ingests — emails, documents, web pages, or tool outputs — rather than through a direct user message.

What this means in practice

The attacker controls the content, not the prompt field, which makes detection and mitigation distinct from direct injection.

Synonyms

cross-domain prompt injection , XPIA , content-borne injection

Related Terms Network

This diagram shows how Indirect prompt injection connects to other concepts in the COMPEL body of knowledge. Each linked node is a term you can explore in turn.

Related terms for Indirect prompt injection Network graph showing 1 related glossary terms connected to Indirect prompt injection. Indirect promp… Jailbreak
1 related concept connected to Indirect prompt injection.

The COMPEL Glossary Graph visualizes relationships between framework terminology, showing how concepts interconnect across domains, stages, and pillars. Term nodes cluster by pillar affiliation while cross-references reveal semantic dependencies — for example, how risk appetite connects to control effectiveness, model governance, and assurance requirements. This network representation helps practitioners navigate the framework vocabulary and understand that COMPEL terminology forms a coherent conceptual system rather than isolated definitions.

Accessible list of related terms
  • Jailbreak — A user-crafted prompt pattern that bypasses a model's safety training to elicit restricted behavior.

See also

  • Jailbreak — A user-crafted prompt pattern that bypasses a model's safety training to elicit restricted behavior.

Related articles in the Body of Knowledge