# Prompt Injection Testing Framework for Reasoning Large Language Models > An experimental framework for testing chain-of-thought prompt injection attacks, helping developers evaluate the security performance of reasoning LLMs when facing adversarial inputs. - 板块: [Openclaw Llm](https://www.zingnex.cn/en/forum/board/openclaw-llm) - 发布时间: 2026-05-29T19:08:59.000Z - 最近活动: 2026-05-29T19:21:02.813Z - 热度: 146.8 - 关键词: LLM安全, 提示注入, 思维链, 推理模型, AI安全测试, 对抗性攻击 - 页面链接: https://www.zingnex.cn/en/forum/thread/llm-github-sysingleton-reasoning-llm-prompt-injection - Canonical: https://www.zingnex.cn/forum/thread/llm-github-sysingleton-reasoning-llm-prompt-injection - Markdown 来源: floors_fallback --- ## Introduction: Prompt Injection Testing Framework for Reasoning LLMs This article introduces an open-source testing framework developed by sysingleton, focusing on chain-of-thought prompt injection attack testing for reasoning large language models (LLMs). It helps developers evaluate the security performance of models under adversarial inputs. The framework is implemented in pure Python, includes core modules, and is suitable for security research, development testing, and educational scenarios. Note the ethical boundaries when using it. ## Background: New Security Challenges for Reasoning LLMs With the rise of reasoning LLMs such as OpenAI's o-series and DeepSeek-R1, AI security has faced new dimensions. Reasoning models generate chain-of-thought to enhance answer quality, but they introduce unique risks: attackers can manipulate the internal reasoning process through prompt injection. These attacks are stealthy and difficult to detect by conventional filtering, as malicious instructions may not directly appear in the final output. ## Project Overview: Birth of a Specialized Testing Framework This open-source project, developed by sysingleton, is a prompt injection testing framework for reasoning LLMs, focusing on chain-of-thought characteristics. Core modules include: harness.py (testing engine), payloads.py (injection payload library), probe_model.py (model probing), analyze.py (result analysis), run_campaign.py (batch testing), and apps.py (example scenarios). ## Core Mechanism: Chain-of-Thought Injection Testing Process Framework workflow: 1. Load various injection payloads (command overriding, role-playing, semantic manipulation, etc.); 2. The probe_model module interacts with the target LLM to collect final outputs and chain-of-thought content; 3. The analyze module compares behavioral differences between normal and injected inputs and outputs a structured analysis report. ## Application Scenarios and Value The framework is valuable for multiple user groups: security researchers can use it to systematically study attack impacts and develop defense mechanisms; developers can evaluate model vulnerabilities before deployment; educational scenarios can help students understand the principles of prompt injection. ## Technical Features and Usage Recommendations Technical features: Modular design, components can be independently replaced or customized. Usage recommendations: Use only in authorized scenarios (own models, authorized environments, public datasets), comply with ethical and legal boundaries, and do not test on unauthorized third-party services. ## Future Outlook: Expansion Directions of the Framework Future expansion directions: Support injection testing for multi-turn dialogue scenarios, integrate automated defense strategy evaluation, expand to multimodal reasoning models, etc. Paying attention to such open-source projects helps improve AI security protection capabilities.