How prompt injection actually reaches your coding agent
READMEs, issue comments, and skill files — the three doors injections walk through, with real samples we caught.
Prompt injection is a workflow bug. The strongest control sits at the action boundary, not only in the system prompt.
The short version
Prompt injection matters because agents are no longer just suggesting changes. They read files, call tools, run commands, and move context between systems.
OpenLeash keeps that power visible. Every plugin can inspect an event, make a decision, and leave an audit trail that humans can understand later.
What OpenLeash watches
Prompts, tool calls, sessions, skills, logs, and startup inventory all flow through the same event model. Plugins can block, mask, rewrite, compress, export, or simply observe.
That keeps the workflow fast when the agent is safe and explicit when the blast radius changes.