What is Insecure Plugin Design?
Insecure Plugin Design occurs when LLM plugins or tools are implemented without proper input validation, authorization, or access controls.
If an LLM is connected to a plugin that can perform sensitive actions (like deleting files, sending emails, or making payments), an attacker can use prompt injection to trick the LLM into executing these actions with the plugin's privileges.
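The gap described above, shown as an added example that is not from the original page: a naive tool dispatcher next to one that authorizes against the requesting user, validates arguments, and holds destructive actions for confirmation. The tool names, roles, sandbox path and sample call are assumptions constructed for illustration, and no file is actually touched.

```python
from pathlib import PurePosixPath

# Constructed policy (hypothetical names): tools each user role may invoke.
ROLE_TOOLS = {"viewer": {"read_file"}, "editor": {"read_file", "delete_file"}}
DESTRUCTIVE = {"delete_file"}
SANDBOX = PurePosixPath("/srv/workspace")  # assumed plugin working directory

# Constructed tool call, as a model might emit after processing injected text.
INJECTED_CALL = {"tool": "delete_file", "args": {"path": "../../etc/passwd"}}


def naive_dispatch(call):
    """Insecure: trusts the model's tool call and acts with the plugin's privileges."""
    return f"EXECUTE {call['tool']} {call['args']['path']}"


def _inside_sandbox(raw_path):
    """Collapse '.' and '..' lexically, then require the result to sit under SANDBOX.

    Lexical only: a real plugin must also resolve symlinks on the filesystem.
    """
    parts = []
    for part in (SANDBOX / raw_path).parts:  # an absolute raw_path replaces SANDBOX
        if part == "..":
            if len(parts) > 1:  # never pop the root
                parts.pop()
        elif part != ".":
            parts.append(part)
    return SANDBOX in PurePosixPath(*parts).parents


def guarded_dispatch(call, user_role, user_confirmed=False):
    """Authorize against the requesting user, validate input, gate destructive actions."""
    tool = call.get("tool")
    path = call.get("args", {}).get("path")
    if tool not in ROLE_TOOLS.get(user_role, set()):
        return "DENY unauthorized tool"
    if not isinstance(path, str) or not _inside_sandbox(path):
        return "DENY path outside sandbox"
    if tool in DESTRUCTIVE and not user_confirmed:
        return "PENDING user confirmation"
    return f"EXECUTE {tool} {path}"
```

The guarded version treats the model's output as untrusted input: the decision depends on the user's role and an out-of-band confirmation, neither of which injected text can supply.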