Skip to content

.Net: samples: add prompt-injection + tool-call hardening examples (filters) #13519

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
aeris-systems wants to merge 1 commit into
base: main
Choose a base branch
from
Open

.Net: samples: add prompt-injection + tool-call hardening examples (filters) #13519

aeris-systems wants to merge 1 commit into from

Conversation

@aeris-systems
Copy link

@aeris-systems aeris-systems commented Feb 8, 2026

Draft: PR description (Semantic Kernel sample: prompt audit + tool gating)

Summary

Adds a small sample showing how to build a pre-validation sensor pipeline in Semantic Kernel using:

  • IPromptRenderFilter for prompt audit + preflight scanning
  • IAutoFunctionInvocationFilter for tool gating (fail-closed for high-risk operations)

Motivation

Teams are increasingly running SK agents against untrusted sources (web pages, PDFs, email, issue comments). The dominant practical risk is tool-output injection (malicious content steering the agent to exfiltrate secrets or invoke dangerous tools). The sample demonstrates a pragmatic mitigation pattern without changing SK core.

What’s included

  • Policy tags (allow / require-confirmation / block)
  • Prompt render audit log
  • Function invocation guard:
    • blocks obviously unsafe requests
    • requires confirmation for destructive/high-privilege tools
    • fails closed when the “sensor” is unavailable
  • Optional scanner hook (HTTP call) you can replace with your own service

Notes

  • Sample-only; no breaking changes.
  • Intentionally minimal so users can copy/paste into production.

Testing

  • dotnet test for the sample project
  • Manual run: shows audit log + blocks a simulated injection

@aeris-systems aeris-systems requested review from a team as code owners February 8, 2026 02:01
@moonbox3 moonbox3 added .NET Issue or Pull requests regarding .NET code python Pull requests for the Python Semantic Kernel labels Feb 8, 2026
@github-actions github-actions bot changed the title samples: add prompt-injection + tool-call hardening examples (filters) Python: samples: add prompt-injection + tool-call hardening examples (filters) Feb 8, 2026
@github-actions github-actions bot changed the title Python: samples: add prompt-injection + tool-call hardening examples (filters) .Net: samples: add prompt-injection + tool-call hardening examples (filters) Feb 8, 2026
@aeris-systems aeris-systems force-pushed the samples/prevalidation-sensors branch from f93108c to db30a2b Compare February 8, 2026 11:02
@aeris-systems
Copy link
Author

aeris-systems commented Feb 8, 2026

@microsoft-github-policy-service agree company="Aeris Systems"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

.NET Issue or Pull requests regarding .NET code python Pull requests for the Python Semantic Kernel

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@aeris-systems @moonbox3