video1.0<iframe src="https://www.loom.com/embed/5ea6358bd1654808ab43259ac1df08ed" frameborder="0" width="1114" height="835" webkitallowfullscreen mozallowfullscreen allowfullscreen></iframe>8351114Loomhttps://www.loom.com8351114https://cdn.loom.com/sessions/thumbnails/5ea6358bd1654808ab43259ac1df08ed-1b968c079b69b470.gif282.6234In this video, I demonstrate a serious issue of indirect prompt injection using NLWeb, which can vectorize website content for easy searching. I showcase a simple Shopify website where I've hidden a prompt injection attack that can lead to the leakage of sensitive information, such as a user's secret key. Our solution involves a program that scans connected MCP tools to identify potential data exfiltration paths and a guardrailing engine that allows users to create policies to block such attacks. I encourage viewers, especially sysadmins and security personnel, to consider implementing these guardrails to protect against similar vulnerabilities.