{ "version": "1", "categories": [ { "id": "prompt_injection", "label": "Prompt injection", "description": "Malicious instructions embedded in user-controlled text." }, { "id": "tool_output_injection", "label": "Tool-output injection", "description": "Untrusted tool or web content treated as privileged instructions." }, { "id": "retrieval_poisoning", "label": "Retrieval poisoning", "description": "Corrupted or adversarial RAG context overriding safer behavior." }, { "id": "memory_poisoning", "label": "Memory poisoning", "description": "Hostile content persisted into memory or long-lived state, where it can steer later sessions." }, { "id": "secret_exfiltration", "label": "Secret exfiltration", "description": "Disclosing credentials or other sensitive data, whether under social pressure or in response to injected instructions." }, { "id": "unauthorized_action", "label": "Unauthorized action", "description": "Taking sensitive actions without explicit user consent." } ] }