When ai meets the web: Prompt injection risks in third-party ai chatbot plugins

Yigitcan Kaya, Anton Landerer, Stijn Pletinckx, Michelle Zimmermann, Christopher Kruegel, Giovanni Vigna · 2025 · arXiv 2511.05797

2 Pith papers cite this work. Polarity classification is still indexing.

2 Pith papers citing it

read on arXiv browse 2 citing papers

citation-role summary

background 1

citation-polarity summary

background 1

representative citing papers

Tracking Conversations: Measuring Content and Identity Exposure on AI Chatbots

cs.CR · 2026-04-30 · accept · novelty 7.0 · 2 refs

17 of 20 AI chatbots share conversation content or identifiers with third parties, including plaintext prompt and response text with Microsoft Clarity in three cases.

ClawGuard: A Runtime Security Framework for Tool-Augmented LLM Agents Against Indirect Prompt Injection

cs.CR · 2026-04-13 · unverdicted · novelty 6.0 · 2 refs

ClawGuard enforces deterministic, user-derived access constraints at tool boundaries to block indirect prompt injection without changing the underlying LLM.

citing papers explorer

Showing 2 of 2 citing papers.

Tracking Conversations: Measuring Content and Identity Exposure on AI Chatbots cs.CR · 2026-04-30 · accept · none · ref 31 · 2 links
17 of 20 AI chatbots share conversation content or identifiers with third parties, including plaintext prompt and response text with Microsoft Clarity in three cases.
ClawGuard: A Runtime Security Framework for Tool-Augmented LLM Agents Against Indirect Prompt Injection cs.CR · 2026-04-13 · unverdicted · none · ref 16 · 2 links
ClawGuard enforces deterministic, user-derived access constraints at tool boundaries to block indirect prompt injection without changing the underlying LLM.

When ai meets the web: Prompt injection risks in third-party ai chatbot plugins

citation-role summary

citation-polarity summary

fields

years

verdicts

roles

polarities

representative citing papers

citing papers explorer