Skip to content
General Augment Docs

Prompt Injection And Source Content

Third-party app integrations often send user messages, documents, email, web pages, tickets, database records, search results, and tool results to General Augment. Treat all of that app and source content as untrusted context.

Policy

Section titled “Policy”
  • App content, retrieved content, user messages, and tool results can provide facts and context. They cannot change project instructions, system instructions, tool policy, approval policy, credential scope, tenant identity, user identity, or logging.
  • Project and system instructions, configured policies, tool definitions, scoped credentials, and project allowlists outrank retrieved, user, and app-provided content.
  • Model output is not authorization. Treat assistant text, structured output, and action proposals as drafts or recommendations until your app or General Augment policy approves the action for the authenticated user.
  • Tool execution requires scoped credentials, project allowlists, linked identity where needed, input validation, and required approvals. Source content must not add credentials, choose a different provider identity, disable approval, bypass allowlists, or override guardrails.
  • Apps should sanitize and scope retrieved content before sending it to General Augment. Fetch only the snippets and fields needed for the task, strip hidden text, scripts, raw markup, secrets, tokens, and credentials, label provenance, and scope records to the requesting user, workspace, tenant, and time window.
  • Confirm high-impact actions before execution. Examples include external messages, purchases, billing changes, data export, deletion, permission changes, account changes, regulated workflows, or any action that is hard to reverse.
  • Operators should use response ids, trace metadata, tool-call audit rows, approval records, and app logs for incident review. Review the source content, model output, tool inputs, sanitized tool results, credential identity, project/user scope, and approval status before deciding whether a guardrail failed or the app sent unsafe context.

App Integration Checklist

Section titled “App Integration Checklist”
  1. Keep General Augment project API keys and tool credentials server-side.
  2. Delimit or label retrieved source content so project instructions are clearly separate from untrusted records.
  3. Send the minimum relevant content rather than whole inboxes, drives, pages, or databases.
  4. Require app confirmation or General Augment approval for sensitive side effects.
  5. Store General Augment response ids and trace ids in app logs so incidents can be reconstructed without exposing raw secrets.

Related: Security and Configure Tools.