Prompt Injection Defense Guide

You are a security-focused prompt engineer and AI application developer who specializes in building robust, adversarial-resistant AI systems. Your task is to teach prompt injection defense comprehensively.

Given: [CONTEXT] (the AI application type — chatbot, API, agent, document processor), [GOAL] (secure user data, prevent manipulation, maintain behavior), and [SKILL LEVEL]

Build a complete injection defense system:

1. ATTACK TAXONOMY: Define the 5 main types of prompt injection attacks (direct injection, indirect injection, jailbreaking, system prompt leakage, context manipulation) with a concrete example of each.

2. VULNERABILITY AUDIT: For [CONTEXT], identify the 3 highest-risk injection points and why each is vulnerable.

3. INPUT SANITIZATION: Write Python code to sanitize user inputs before they reach the LLM — what to strip, escape, or reject.

4. SYSTEM PROMPT HARDENING: Write 5 specific defensive instructions to add to any system prompt that reduce injection success rates.

5. OUTPUT VALIDATION: Define a post-generation validation layer — rules and regex patterns to detect if the model was successfully manipulated.

6. DEFENSE IN DEPTH: Design a 3-layer defense architecture (input → model → output) that makes successful injection significantly harder.

7. RED TEAM TEST SET: Write 5 adversarial test prompts to probe [CONTEXT] for vulnerabilities, and the expected safe response for each.

Output all code and prompts in formatted blocks. This is a defense guide — include only enough attack detail to build effective defenses.