T1-AT-013HIGH
Instruction Commenting
T1 · Prompt & Context Subversion →Risk score215
RatingHigh
Procedures4
Severity
Mechanism
Embeds instructions as code comments or inline annotations. " By appending code-comment-style overrides to harmful requests, the attacker tests whether the comment-as-metadata association transfers to the safety domain. Structurally similar to T1-AT-004 (Prefix/Suffix) but uses comment syntax specifically rather than general command-line tokens.
Detection
- Detect code comment syntax in natural-language context: /* */, //, #, ! followed by override claims
- YARA rule: yara/t01-prompt-injection.yar
Mitigation
Strip code comments from natural-language inputs before classificationHIGH
Constitutional ClassifiersHIGH
Chaining
Chains with T1-AT-004 (Prefix/Suffix) and T1-AT-006 (Template Injection) as compound formatting attacks. When multiple formatting conventions are combined (comment + template + prefix), the compound signal may exceed the model's safety threshold even when individual signals do not.
Framework mapping
Open in the technique browser →OWASP LLMLLM01
MITRE ATLASAML.T0051.001