
DE-005 Markdown Image Exfil

Data Exfiltration: Attempts to extract sensitive information from the agent

Description

Attempts to exfiltrate data via a markdown image.

Remediation

Sanitize generated URLs. Block data in URL parameters. Implement URL allowlisting.
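
One way to apply the remediation above to agent output before it is rendered, as an added example (not code from hackmyagent): it allowlists image hosts and rejects image URLs that carry a query string, fragment or userinfo. The function names, the host `cdn.example.com` and the sample text are assumptions made for illustration.

```javascript
// Added example. The allowlisted host and the sample text are constructed.
const ALLOWED_IMAGE_HOSTS = new Set(["cdn.example.com"]);

// Inline image: ![alt](destination). The alt part is matched lazily so nested
// brackets or line breaks cannot hide the destination; over-matching fails closed.
const INLINE_IMAGE = /!\[[\s\S]*?\]\(([^)]*)\)/g;

// Allow only https URLs on an allowlisted host with no query string, fragment
// or userinfo, the parts of a URL that can carry data to the receiving server.
function isAllowedImageUrl(rawUrl, allowedHosts = ALLOWED_IMAGE_HOSTS) {
  // Whitespace, titles, parentheses and escapes make the destination
  // ambiguous between this filter and the renderer, so they are rejected.
  if (/[\s()\\<>"']/.test(rawUrl)) return false;
  let url;
  try {
    url = new URL(rawUrl); // relative and malformed URLs throw
  } catch {
    return false;
  }
  return (
    url.protocol === "https:" &&
    allowedHosts.has(url.hostname) &&
    !url.username && !url.password &&
    !url.search && !url.hash
  );
}

// Run on agent output before rendering. Disallowed images are replaced with
// a fixed placeholder, so the client never issues the request.
function sanitizeAgentMarkdown(markdown, allowedHosts = ALLOWED_IMAGE_HOSTS) {
  const blocked = [];
  const text = markdown.replace(INLINE_IMAGE, (match, inner) => {
    const dest = inner.trim().replace(/^<|>$/g, ""); // strip <...> wrapper
    if (isAllowedImageUrl(dest, allowedHosts)) return match;
    blocked.push(dest); // keep for logging; never echo into the output
    return "[image removed]";
  });
  return { text, blocked };
}

// Constructed sample output: one legitimate image, one with data in the query.
const sample =
  "Logo: ![logo](https://cdn.example.com/logo.png)\n" +
  "![status](https://collector.example.net/p.png?d=CONSTRUCTED_VALUE)";
console.log(sanitizeAgentMarkdown(sample));
```

This covers inline images only; reference-style images and raw HTML `<img>` tags need the same check, ideally in the renderer's own image handling. Path segments still reach allowlisted hosts, so the list should contain only hosts you trust.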

Severity

HIGH

OASB Control

4.3

CWE

CWE-200

Run this test

$ npx hackmyagent attack --payload DE-005