Research
CodeSentinel: A Three-Layer Defense Against Indirect Prompt Injection in Code Contexts
An inference-time defense against indirect prompt injection hidden in code comments, strings, or identifiers, using Tree-sitter for syntax-guided pre-filtering plus CST-guided Dynamic Min-K% scoring and node perturbation analysis to flag risky nodes before code reaches the LLM. Achieves 0.80 average node-level F1 across six attack families, beating CodeGarrison and DePA. Practical for hardening coding agents that ingest untrusted repos.
Source
↳ Follow the thread