Untrusted Content Boundary
List every place outside content can enter: docs, tickets, pages, comments, emails, uploads, logs, or tool output.
Prompt Injection Launch Checklist for AI Agents
A no-login launch screen for one AI workflow that reads retrieved docs, tickets, emails, comments, web pages, uploaded files, memory, or tool outputs.
Nine prompt injection checks before launch
Instruction/Data Separation
Confirm retrieved content cannot override system, developer, policy, or workflow instructions.
Tool Approval Gates
Require human approval before sends, posts, purchases, deletes, writes, or customer-visible changes.
Retrieval Filters
Limit what sources can be retrieved and mark external or user-authored material as untrusted context.
Memory Poisoning
Define what can persist, who can update it, and how bad memory is found, reset, or quarantined.
Tool Output Trust
Treat API responses, browser pages, OCR, and command output as content that may contain hostile instructions.
Public Output Review
Add a review step before the agent publishes, emails, updates records, or exposes private reasoning.
Secret-Safe Logging
Check prompts, traces, error messages, and summaries for secrets, customer records, tokens, and internal topology.
Disable Switch
Know who can pause the agent, revoke tool access, clear memory, and roll back bad output during launch.
What to prepare safely
- One-sentence workflow summary with placeholder data only.
- Where untrusted content can enter the workflow.
- Which tools or public actions the agent can trigger.
- What memory, retrieval, or saved context can influence later behavior.
- Known prompt injection concerns and the planned demo, pilot, handoff, or release date.
What not to paste into any intake
Do not send prompts containing secrets, API keys, OAuth tokens, cookies, passwords, card or bank details, payment pages, customer records, private handles, full names, full transaction IDs, or private dashboard screenshots.
Need a practical launch pass?
The AI Agent Launch Pack includes the local app, safe-intake builder, checklist materials, templates, and fictional sample report. The optional 24-hour review is limited to one workflow.