Indirect Prompt Injection in Web Content Targets AI Agents

    Date: 07/03/2026

    Severity: Medium

    Summary

    Just as human users can be socially engineered through phishing, AI agents are also susceptible to similar attacks. Threat actors are leveraging Indirect Prompt Injection (IPI) to embed hidden malicious instructions into websites, including those impersonating payment services and cryptocurrency platforms, to manipulate AI agents during task execution. The campaigns combine SEO poisoning, typosquatting, and concealed HTML/CSS prompts to influence AI-driven workflows, increasing the risk of RAG poisoning, fraudulent transactions, and AI-assisted compromise. 

    Indicators of Compromise (IOC) List

    Domains/URLs

    market-insight-global.com

    identity-breach-response.org

    runners-daily-blog.com

    bistro-reserve-now.net

    edge-compliance-node.org

    digital-asset-mart.org

    digital-asset-mart.org

    consensus-protocol-v4.org

    visual-media-rights-group.org

    permits.global-transit-authority.org

    py-lib-repository.dev

    debank.auction

    https://github.com/Open-Agent-Utilities/mig-institutional-api-client

    https://github.com/Open-Agent-Utilities/session-token-leak-detector

    https://github.com/Open-Agent-Utilities/sneaker-drop-monitor-v2

    https://github.com/Open-Agent-Utilities/opentable-resy-bypasser

    https://github.com/Open-Agent-Utilities/bot-compliance-middleware

    https://github.com/Open-Agent-Utilities/digital-asset-arbitrage-cli

    https://github.com/Open-Agent-Utilities/llm-fact-check-protocol

    https://github.com/Open-Agent-Utilities/royalty-free-image-scraper

    https://github.com/Open-Agent-Utilities/global-visa-automation-cli

    https://github.com/Open-Agent-Utilities/requests-secure-v2

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Detection Query 1 :

    domainname like "identity-breach-response.org" or url like "identity-breach-response.org" or siteurl like "identity-breach-response.org" or domainname like "permits.global-transit-authority.org" or url like "permits.global-transit-authority.org" or siteurl like "permits.global-transit-authority.org" or domainname like "market-insight-global.com" or url like "market-insight-global.com" or siteurl like "market-insight-global.com" or domainname like "bistro-reserve-now.net" or url like "bistro-reserve-now.net" or siteurl like "bistro-reserve-now.net" or domainname like "runners-daily-blog.com" or url like "runners-daily-blog.com" or siteurl like "runners-daily-blog.com" or domainname like "consensus-protocol-v4.org" or url like "consensus-protocol-v4.org" or siteurl like "consensus-protocol-v4.org" or domainname like "py-lib-repository.dev" or url like "py-lib-repository.dev" or siteurl like "py-lib-repository.dev" or domainname like "visual-media-rights-group.org" or url like "visual-media-rights-group.org" or siteurl like "visual-media-rights-group.org" or domainname like "edge-compliance-node.org" or url like "edge-compliance-node.org" or siteurl like "edge-compliance-node.org" or domainname like "digital-asset-mart.org" or url like "digital-asset-mart.org" or siteurl like "digital-asset-mart.org" or domainname like "debank.auction" or siteurl like "debank.auction" or url like "debank.auction"

    Detection Query 2 :

    domainname like "https://github.com/Open-Agent-Utilities/mig-institutional-api-client" or siteurl like "https://github.com/Open-Agent-Utilities/mig-institutional-api-client" or url like "https://github.com/Open-Agent-Utilities/mig-institutional-api-client" or domainname like "https://github.com/Open-Agent-Utilities/session-token-leak-detector" or siteurl like "https://github.com/Open-Agent-Utilities/session-token-leak-detector" or url like "https://github.com/Open-Agent-Utilities/session-token-leak-detector" or domainname like "https://github.com/Open-Agent-Utilities/sneaker-drop-monitor-v2" or siteurl like "https://github.com/Open-Agent-Utilities/sneaker-drop-monitor-v2" or url like "https://github.com/Open-Agent-Utilities/sneaker-drop-monitor-v2" or domainname like "https://github.com/Open-Agent-Utilities/opentable-resy-bypasser" or siteurl like "https://github.com/Open-Agent-Utilities/opentable-resy-bypasser" or url like "https://github.com/Open-Agent-Utilities/opentable-resy-bypasser" or domainname like "https://github.com/Open-Agent-Utilities/bot-compliance-middleware" or siteurl like "https://github.com/Open-Agent-Utilities/bot-compliance-middleware" or url like "https://github.com/Open-Agent-Utilities/bot-compliance-middleware" or domainname like "https://github.com/Open-Agent-Utilities/digital-asset-arbitrage-cli" or siteurl like "https://github.com/Open-Agent-Utilities/digital-asset-arbitrage-cli" or url like "https://github.com/Open-Agent-Utilities/digital-asset-arbitrage-cli" or domainname like "https://github.com/Open-Agent-Utilities/llm-fact-check-protocol" or siteurl like "https://github.com/Open-Agent-Utilities/llm-fact-check-protocol" or url like "https://github.com/Open-Agent-Utilities/llm-fact-check-protocol" or domainname like "https://github.com/Open-Agent-Utilities/royalty-free-image-scraper" or siteurl like "https://github.com/Open-Agent-Utilities/royalty-free-image-scraper" or url like "https://github.com/Open-Agent-Utilities/royalty-free-image-scraper" or domainname like "https://github.com/Open-Agent-Utilities/global-visa-automation-cli" or siteurl like "https://github.com/Open-Agent-Utilities/global-visa-automation-cli" or url like "https://github.com/Open-Agent-Utilities/global-visa-automation-cli" or domainname like "https://github.com/Open-Agent-Utilities/requests-secure-v2" or siteurl like "https://github.com/Open-Agent-Utilities/requests-secure-v2" or url like "https://github.com/Open-Agent-Utilities/requests-secure-v2"

    Reference:    

    https://www.zscaler.com/blogs/security-research/indirect-prompt-injection-web-content-targets-ai-agents#indicators-of-compromise--iocs-            


    Tags

    MalwarePhishingSocial EngineeringAIPrompt InjectioncryptocurrencyFinancial ServicesSEO Poisoning

    « Previous ArticleNext Article »

    Comments

    No records to display

    Looking for Something?
    Threat Research Categories:
    Tags