.Net: samples: add prompt-injection + tool-call hardening examples (filters) #13519

Open
aeris-systems wants to merge 1 commit into microsoft:main from aeris-systems:samples/prevalidation-sensors

@aeris-systems
Draft: PR description (Semantic Kernel sample: prompt audit + tool gating)

Summary

Adds a small sample showing how to build a pre-validation sensor pipeline in Semantic Kernel using:

  • IPromptRenderFilter for prompt audit + preflight scanning
  • IAutoFunctionInvocationFilter for tool gating (fail-closed for high-risk operations)

Motivation

Teams are increasingly running SK agents against untrusted sources (web pages, PDFs, email, issue comments). The dominant practical risk is tool-output injection (malicious content steering the agent to exfiltrate secrets or invoke dangerous tools). The sample demonstrates a pragmatic mitigation pattern without changing SK core.

What’s included

  • Policy tags (allow / require-confirmation / block)
  • Prompt render audit log
  • Function invocation guard:
    • blocks obviously unsafe requests
    • requires confirmation for destructive/high-privilege tools
    • fails closed when the “sensor” is unavailable
  • Optional scanner hook (HTTP call) you can replace with your own service

Notes

  • Sample-only; no breaking changes.
  • Intentionally minimal so users can copy/paste into production.

Testing

  • dotnet test for the sample project
  • Manual run: shows audit log + blocks a simulated injection
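
The tool-gating pattern the description lists (policy tags, confirmation for high-privilege tools, fail-closed on sensor failure), as an added sketch that is not code from this PR. `ToolPolicy`, `ToolGateFilter` and the two delegate hooks are hypothetical names; only `IAutoFunctionInvocationFilter`, `AutoFunctionInvocationContext` and `FunctionResult` are Semantic Kernel types.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.SemanticKernel;
// Hypothetical policy tags mirroring allow / require-confirmation / block.
public enum ToolPolicy { Allow, RequireConfirmation, Block }

public sealed class ToolGateFilter : IAutoFunctionInvocationFilter
{
    private readonly IReadOnlyDictionary<string, ToolPolicy> _policies;
    // Assumed hooks: the sensor returns true when the call looks clean;
    // the confirmer returns true when a human approves the named tool.
    private readonly Func<AutoFunctionInvocationContext, Task<bool>> _sensor;
    private readonly Func<string, Task<bool>> _confirm;

    public ToolGateFilter(
        IReadOnlyDictionary<string, ToolPolicy> policies,
        Func<AutoFunctionInvocationContext, Task<bool>> sensor,
        Func<string, Task<bool>> confirm)
        => (_policies, _sensor, _confirm) = (policies, sensor, confirm);

    public async Task OnAutoFunctionInvocationAsync(
        AutoFunctionInvocationContext context,
        Func<AutoFunctionInvocationContext, Task> next)
    {
        string tool = $"{context.Function.PluginName}.{context.Function.Name}";
        string? denial = await EvaluateAsync(tool, context);
        if (denial is null) { await next(context); return; }
        // Skip the function and hand the model a refusal instead of a result.
        context.Result = new FunctionResult(context.Result, $"Tool call denied: {denial}");
    }

    private async Task<string?> EvaluateAsync(string tool, AutoFunctionInvocationContext context)
    {
        // Default deny: a tool with no policy entry is treated as blocked.
        ToolPolicy policy = _policies.TryGetValue(tool, out var p) ? p : ToolPolicy.Block;
        if (policy == ToolPolicy.Block) return "blocked by policy";
        try
        {
            if (!await _sensor(context)) return "flagged by sensor";
            if (policy == ToolPolicy.RequireConfirmation && !await _confirm(tool))
                return "confirmation refused";
        }
        // Fail closed: an unreachable sensor or confirmer denies the call.
        catch (Exception) { return "sensor or confirmation hook unavailable"; }
        return null;
    }
}
```

Register it with `kernel.AutoFunctionInvocationFilters.Add(new ToolGateFilter(...))`; policy keys take the form `PluginName.FunctionName`.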

@aeris-systems requested review from a team as code owners February 8, 2026 02:01
@moonbox3 added the .NET (Issue or Pull requests regarding .NET code) and python (Pull requests for the Python Semantic Kernel) labels Feb 8, 2026
@github-actions bot changed the title "samples: add prompt-injection + tool-call hardening examples (filters)" to "Python: samples: add prompt-injection + tool-call hardening examples (filters)" Feb 8, 2026
@github-actions bot changed the title "Python: samples: add prompt-injection + tool-call hardening examples (filters)" to ".Net: samples: add prompt-injection + tool-call hardening examples (filters)" Feb 8, 2026
@aeris-systems force-pushed the samples/prevalidation-sensors branch from f93108c to db30a2b February 8, 2026 11:02
@aeris-systems

@microsoft-github-policy-service agree company="Aeris Systems"
