Prompt Injection Attack Demonstrated on OSSBot AI Assistant from OopsSec Store

29 Jan 2026

prompt_injectionAI_securityOSSBotMistral_AIinput_filteringsystem_promptvulnerabilityexploitationblocklistroleplay_attackcode_extractioncybersecurity

A demonstration of a prompt injection attack targets the OSSBot AI assistant from the OopsSec Store, embedding sensitive data in its system prompt and exploiting insufficient input filtering. The article details five exploitation attempts, including synonym substitution, roleplay-based injection, and a completion-based attack, enabling the extraction of an internal validation code (OSS{pr0mpt_1nj3ct10n_41_4ss1st4nt). Vulnerabilities include a blocklist limited to four patterns, the absence of output filtering, and direct prompt concatenation. The application, accessible via http://localhost:3000/support/ai-assistant, uses the Mistral AI API (free tier). The vulnerable code is located in /api/ai-assistant/route.ts. Source: https://koadt.github.io/oss-oopssec-store/posts/prompt-injection-ai-assistant/