Skills
CausalArmor blocks indirect prompt injection via causal attribution, not keyword filtering
CausalArmor (arXiv Feb 2026) defends against indirect injection — malicious instructions hidden in retrieved/tool content — by using causal attribution to test whether a piece of input is actually causing an instruction-like influence on the model's plan, rather than pattern-matching for suspicious phrases. This catches injections that bypass naive blocklists while keeping overhead low. The skill: for RAG and tool-using agents, evaluate causal-attribution guardrails as a layer that survives paraphrased and novel injection payloads.
Source
↳ Follow the thread