{"record_type":"pith_number_record","schema_url":"https://pith.science/schemas/pith-number/v1.json","pith_number":"pith:2026:YRFCYASBTZX6LU2R4U3AMHMSA3","short_pith_number":"pith:YRFCYASB","schema_version":"1.0","canonical_sha256":"c44a2c02419e6fe5d351e536061d9206dce536e98d0d55ccb589bcbfa83767e3","source":{"kind":"arxiv","id":"2605.30521","version":1},"attestation_state":"computed","paper":{"title":"Evaluating using Mock Tool Calls to Quarantine Untrusted Prompt Inputs","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":[],"primary_cat":"cs.CL","authors_text":"Adam Gleave, David Gros","submitted_at":"2026-05-28T19:57:28Z","abstract_excerpt":"Large language models must frequently process untrusted inputs, such as judging an answer from another model or running tasks like spam and harm classifiers while under adversarial pressure. These inputs are often string-formatted directly into a prompt template, leaving systems fragile to manipulation. Current LLM specs from major providers like OpenAI distinguish trustworthiness along an Instruction Hierarchy, from System messages (most trusted) to Tool Results (least trusted). A possible natural mitigation is to wrap untrusted content in a mock tool call as a quarantine. We explore this hyp"},"verification_status":{"content_addressed":true,"pith_receipt":true,"author_attested":false,"weak_author_claims":0,"strong_author_claims":0,"externally_anchored":false,"storage_verified":false,"citation_signatures":0,"replication_records":0,"graph_snapshot":true,"references_resolved":false,"formal_links_present":false},"canonical_record":{"source":{"id":"2605.30521","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CL","submitted_at":"2026-05-28T19:57:28Z","cross_cats_sorted":[],"title_canon_sha256":"2cfbe00f86666888c3195545ba83c5c658812dd536b1d8a490702756cf9e3398","abstract_canon_sha256":"e987c28ec55787d742e56ddba794eee4d6802bb965fe75a796bbbd5537a5dfae"},"schema_version":"1.0"},"receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-06-01T01:02:58.849212Z","signature_b64":"AzieqrQZpqnXkotz5QaTEJsyrn5BUZx9Rz29baKSIn/RvfPw+Ml1SqvZ6706vhIYu0IYrzDAhwhSjMPxI8F8Aw==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"c44a2c02419e6fe5d351e536061d9206dce536e98d0d55ccb589bcbfa83767e3","last_reissued_at":"2026-06-01T01:02:58.848111Z","signature_status":"signed_v1","first_computed_at":"2026-06-01T01:02:58.848111Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"graph_snapshot":{"paper":{"title":"Evaluating using Mock Tool Calls to Quarantine Untrusted Prompt Inputs","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":[],"primary_cat":"cs.CL","authors_text":"Adam Gleave, David Gros","submitted_at":"2026-05-28T19:57:28Z","abstract_excerpt":"Large language models must frequently process untrusted inputs, such as judging an answer from another model or running tasks like spam and harm classifiers while under adversarial pressure. These inputs are often string-formatted directly into a prompt template, leaving systems fragile to manipulation. Current LLM specs from major providers like OpenAI distinguish trustworthiness along an Instruction Hierarchy, from System messages (most trusted) to Tool Results (least trusted). A possible natural mitigation is to wrap untrusted content in a mock tool call as a quarantine. We explore this hyp"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2605.30521","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2605.30521/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"aliases":[{"alias_kind":"arxiv","alias_value":"2605.30521","created_at":"2026-06-01T01:02:58.848260+00:00"},{"alias_kind":"arxiv_version","alias_value":"2605.30521v1","created_at":"2026-06-01T01:02:58.848260+00:00"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2605.30521","created_at":"2026-06-01T01:02:58.848260+00:00"},{"alias_kind":"pith_short_12","alias_value":"YRFCYASBTZX6","created_at":"2026-06-01T01:02:58.848260+00:00"},{"alias_kind":"pith_short_16","alias_value":"YRFCYASBTZX6LU2R","created_at":"2026-06-01T01:02:58.848260+00:00"},{"alias_kind":"pith_short_8","alias_value":"YRFCYASB","created_at":"2026-06-01T01:02:58.848260+00:00"}],"events":[],"event_summary":{},"paper_claims":[],"inbound_citations":{"count":0,"internal_anchor_count":0,"sample":[]},"formal_canon":{"evidence_count":0,"sample":[],"anchors":[]},"links":{"html":"https://pith.science/pith/YRFCYASBTZX6LU2R4U3AMHMSA3","json":"https://pith.science/pith/YRFCYASBTZX6LU2R4U3AMHMSA3.json","graph_json":"https://pith.science/api/pith-number/YRFCYASBTZX6LU2R4U3AMHMSA3/graph.json","events_json":"https://pith.science/api/pith-number/YRFCYASBTZX6LU2R4U3AMHMSA3/events.json","paper":"https://pith.science/paper/YRFCYASB"},"agent_actions":{"view_html":"https://pith.science/pith/YRFCYASBTZX6LU2R4U3AMHMSA3","download_json":"https://pith.science/pith/YRFCYASBTZX6LU2R4U3AMHMSA3.json","view_paper":"https://pith.science/paper/YRFCYASB","resolve_alias":"https://pith.science/api/pith-number/resolve?arxiv=2605.30521&json=true","fetch_graph":"https://pith.science/api/pith-number/YRFCYASBTZX6LU2R4U3AMHMSA3/graph.json","fetch_events":"https://pith.science/api/pith-number/YRFCYASBTZX6LU2R4U3AMHMSA3/events.json","actions":{"anchor_timestamp":"https://pith.science/pith/YRFCYASBTZX6LU2R4U3AMHMSA3/action/timestamp_anchor","attest_storage":"https://pith.science/pith/YRFCYASBTZX6LU2R4U3AMHMSA3/action/storage_attestation","attest_author":"https://pith.science/pith/YRFCYASBTZX6LU2R4U3AMHMSA3/action/author_attestation","sign_citation":"https://pith.science/pith/YRFCYASBTZX6LU2R4U3AMHMSA3/action/citation_signature","submit_replication":"https://pith.science/pith/YRFCYASBTZX6LU2R4U3AMHMSA3/action/replication_record"}},"created_at":"2026-06-01T01:02:58.848260+00:00","updated_at":"2026-06-01T01:02:58.848260+00:00"}