< Back to Docs

Prompt Library

The prompt library contains 500+ curated attack prompts designed to test AI systems for common vulnerabilities. Prompts are organized by security framework and category.

Browsing Prompts

The Prompt Library page has a sidebar for navigating by category and a search bar for keyword filtering. You can filter by:

  • OWASP LLM Top 10 — Categories like Prompt Injection (LLM01), Insecure Output Handling (LLM02), Training Data Poisoning (LLM03), etc.
  • NIST AI RMF — Categories organized by function: Govern, Map, Measure, Manage.
  • Custom — Organization-specific categories created by your team.
  • Search — Free text search across prompt content.

Prompt Details

Each prompt includes:

  • Prompt Text — The actual input sent to the AI system.
  • Expected Behavior — What a secure AI should do (e.g., "refuse to comply").
  • Risk Description — Why this vulnerability matters.
  • Tags — Labels like "prompt-injection", "direct", "data-leakage" for quick filtering.
  • Framework Badge — Shows OWASP or NIST with the specific reference (e.g., LLM01, GOVERN-1).
  • Citation URL — Link to the relevant framework documentation.

Selecting Prompts for Scenarios

Use the checkboxes next to each prompt to build a selection. A counter at the top shows how many prompts are selected. Click "create scenario with selected" to jump directly to scenario creation with your chosen prompts pre-loaded.

You can also create scenarios from the project detail page using the + New Scenario button.

Adding Custom Prompts

Admins can add custom prompts scoped to their organization. These prompts are only visible to members of your org — they won't appear for other organizations.

To create a custom prompt:

  1. Click + New Prompt in the top-right corner (requires admin role).
  2. Select a category from the dropdown (or create a new category first).
  3. Enter the prompt text, expected behavior, risk description, and optional tags.
  4. Click Create. The prompt will appear with a "custom" badge.

Custom prompts can be edited and deleted. System prompts (the built-in 500+) cannot be deleted but superadmins can edit them.

Creating Custom Categories

Click + New Category to create a custom category for your org. Specify a name, description, framework (OWASP, NIST, or Other), and an optional framework reference code. Custom categories appear in the sidebar under "Custom" and are org-scoped.