pyrit.executor.workflow.XPIAWorkflow

class XPIAWorkflow(*, attack_setup_target: ~pyrit.prompt_target.common.prompt_target.PromptTarget, scorer: ~pyrit.score.scorer.Scorer | None = None, converter_config: ~pyrit.executor.core.config.StrategyConverterConfig | None = None, prompt_normalizer: ~pyrit.prompt_normalizer.prompt_normalizer.PromptNormalizer | None = None, logger: ~logging.Logger = <Logger pyrit.executor.workflow.xpia (WARNING)>)

Bases: WorkflowStrategy[XPIAContext, XPIAResult]

Implementation of Cross-Domain Prompt Injection Attack (XPIA) workflow.

This workflow orchestrates an attack where: 1. An attack prompt is generated and positioned using the attack_setup_target 2. The processing_callback is executed to trigger the target’s processing 3. The response is optionally scored to determine success

The workflow supports customization through prompt converters and scorers, allowing for various attack techniques and evaluation methods.

__init__(*, attack_setup_target: ~pyrit.prompt_target.common.prompt_target.PromptTarget, scorer: ~pyrit.score.scorer.Scorer | None = None, converter_config: ~pyrit.executor.core.config.StrategyConverterConfig | None = None, prompt_normalizer: ~pyrit.prompt_normalizer.prompt_normalizer.PromptNormalizer | None = None, logger: ~logging.Logger = <Logger pyrit.executor.workflow.xpia (WARNING)>)

Initialize the XPIA workflow.

Parameters:

• attack_setup_target (PromptTarget) – The target that generates the attack prompt and gets it into the attack location.

• scorer (Optional[Scorer]) – Optional scorer to evaluate the processing response. If no scorer is provided the workflow will skip scoring.

• converter_config (Optional[StrategyConverterConfig]) – Optional converter configuration for request and response converters.

• prompt_normalizer (Optional[PromptNormalizer]) – Optional PromptNormalizer instance. If not provided, a new one will be created.

• logger (logging.Logger) – Logger instance for logging events.

Methods

__init__(*, attack_setup_target[, scorer, ...])	Initialize the XPIA workflow.
execute_async()	Execute the XPIA workflow strategy asynchronously with the provided parameters.
execute_with_context_async(*, context)	Execute strategy with complete lifecycle management.
get_identifier()	Get a serializable identifier for the strategy instance.

async execute_async(*, attack_content: SeedGroup, processing_callback: XPIAProcessingCallback | None = None, processing_prompt: SeedGroup | None = None, memory_labels: Dict[str, str] | None = None, **kwargs) → XPIAResult

async execute_async(**kwargs) → XPIAResult

Execute the XPIA workflow strategy asynchronously with the provided parameters.

Parameters:

• attack_content (SeedGroup) – The content to use for the attack.

• processing_callback (ProcessingCallback) – The callback to execute after the attack prompt is positioned in the attack location. This is generic on purpose to allow for flexibility. The callback should return the processing response.

• processing_prompt (Optional[SeedGroup]) – The prompt to send to the processing target. This should include placeholders to invoke plugins (if any).

• memory_labels (Optional[Dict[str, str]]) – Memory labels for the attack context.

• **kwargs – Additional parameters for the attack.

Returns:

The result of the workflow execution.

Return type:

XPIAResult

Raises:

TypeError – If any of the provided parameters are of incorrect type.