Potential Prompt Injection Attack in Body HTML
Detects inbound messages whose HTML body contains a non-standard `<admin>` element with visible text that mentions a major AI assistant (Gemini, Copilot, ChatGPT, or Claude). Only that one element name is inspected; high-trust sender root domains are exempt unless the message does not pass DMARC.
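name: "Potential Prompt Injection Attack in Body HTML"
# Description now states what the XPath below actually matches: a single
# non-standard element name ('admin'), not arbitrary non-standard elements.
description: "Detects messages containing references to major AI tools (like Gemini, Copilot, ChatGPT, or Claude) inside a non-standard <admin> HTML element."
type: "rule"
severity: "high"
source: |
  type.inbound

  // Inspect only elements whose local name is exactly 'admin'. Other custom
  // tag names, attribute values (alt/title/etc.) and the plain-text body are
  // not examined by this rule, so text hidden elsewhere will not trigger it.
  and length(filter(html.xpath(body.html,
                               "//*[local-name() = 'admin']"
                    ).nodes,
                    // the element must carry visible text, and that text must
                    // mention one of the listed assistants anywhere in the
                    // string (leading/trailing '*' wildcards); strings.ilike
                    // is a wildcard match -- presumably case-insensitive,
                    // confirm against the MQL reference
                    length(.display_text) > 0
                    and strings.ilike(.display_text,
                                      '*gemini*',
                                      '*copilot*',
                                      '*chatgpt*',
                                      '*claude*'
                    )
            )
  ) > 0

  // negate highly trusted sender domains unless they fail DMARC authentication:
  // a sender whose root domain is in $high_trust_sender_root_domains is only
  // flagged when dmarc.pass is not true (DMARC failed or no result); any other
  // root domain is always evaluated by the HTML check above
  and (
    (
      sender.email.domain.root_domain in $high_trust_sender_root_domains
      and not headers.auth_summary.dmarc.pass
    )
    or sender.email.domain.root_domain not in $high_trust_sender_root_domains
  )

attack_types:
  - "Callback Phishing"
  - "Credential Phishing"
  - "Extortion"
  - "Malware/Ransomware"
  - "Spam"
  - "BEC/Fraud"
tactics_and_techniques:
  - "Evasion"
  - "Social engineering"
detection_methods:
  - "Header analysis"
  - "HTML analysis"
  - "Content analysis"
id: "5fb24736-df8a-5a3a-84da-a2d5560d73d1"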