Workflow Injection
Description
Workflow Injection differs from prompt injection by targeting the workflow engine itself rather than the LLM’s context. Attackers inject malicious configuration sequences, environment variables, code snippets, or serialized objects directly into the workflow definition (e.g., n8n JSON, LangGraph checkpoints, YAML pipelines). When processed by the workflow engine, this injected logic bypasses controls and executes arbitrary system commands (RCE), deserializes untrusted objects, or alters the intended flow of operations.
Map
| Framework | ID | Title |
|---|---|---|
| Gurple | G-1.2 | Workflow Injection |
| MITRE CAPEC | CAPEC-152 | CAPEC CATEGORY: Inject Unexpected Items |
| MITRE CAPEC | CAPEC-176 | Configuration/Environment Manipulation |
| MITRE CWE | CWE-15 | External Control of System or Configuration Setting |
| OWASP Top 10 | A03:2021 | Injection |