Exfiltration code, JS cookie theft, markdown pixels, DNS channels
Improper Output Handling is ranked LLM05 in the OWASP LLM Top 10 (2025) — the industry-standard taxonomy for large language model security risks. It represents one of the most commonly exploited vulnerability classes in production AI deployments.
Exfiltration-capable code generation, JavaScript cookie theft, markdown tracking pixels, DNS covert channels.
An attacker embedded prompt injection instructions inside a source code file using a markdown image tag syntax. When GitHub Copilot processed the file, it rendered the tag and exfiltrated sensitive repository data to the attacker's external URL - no user interaction required beyond opening the file.
Run the full LLM05 attack suite against your LLM in minutes.
Run free scan →