NetInjectBench: Benchmarking Indirect Prompt Injection in Tool-Using LLM Agents for Network Operations
Jul 14, 2026
NetInjectBench introduces a 130-scenario benchmark to evaluate indirect prompt injection attacks on large language model (LLM) agents used in network operations. In tests across 240 attack instances, naive execution led to an 82.50% unsafe tool-action rate, while a metadata-aware policy gate eliminated unsafe actions and preserved 99.17% usefulness. The study also compares several prompt-level defenses, finding them less effective than execution-time authorization boundaries.
Why it matters: This work reveals that LLM agents for network operations are highly susceptible to indirect prompt injection, but that metadata-aware policy gates can effectively prevent unsafe actions without sacrificing utility.
Full story at: arXiv Cryptography and Security ↗