3.2 Instruction Boundary Enforcement

Description

System instructions MUST be immutable and protected from modification by user input.

Rationale

If attackers can modify system instructions, they gain complete control over agent behavior.

Audit Procedure

1. Identify where system prompts are constructed
2. Verify system prompts are from immutable sources
3. Test by attempting to modify system behavior

Remediation

1. Load system prompts from configuration files
2. Use clear architectural separation
3. Never use string concatenation with user input

Framework Mappings