qai ipi [OPTIONS] COMMAND [ARGS]
Indirect Prompt Injection — Generate payloads and detect AI agent execution via document ingestion.
Commands Command Description generateGenerate document(s) with hidden prompt injection payloads techniquesList all available hiding techniques formatsList supported output formats listenStart the callback listener server statusCheck campaign status and hits exportExport campaigns and hits to JSON resetReset all campaigns, hits, and generated files
generate Generate document(s) with hidden prompt injection payload.
qai ipi generate [OPTIONS]
Creates one or more documents containing hidden prompt injection payloads using the specified technique(s). Each generated document is registered in the database for callback tracking.
Options Option Type Required Default Description --callback, -cTEXT Yes — Callback server URL --output, -oPATH No ./payloads/Output path (file or directory) --formatTEXT No pdfOutput format (pdf, image, markdown, html, docx, ics, eml) --technique, -tTEXT No allTechnique(s): all, phase1, phase2, or specific names (comma-separated) --payload-typeTEXT No callbackPayload type: callback, exfil_summary, exfil_context, ssrf_internal, instruction_override, tool_abuse, persistence --payload, --payload-style, -pTEXT No obviousPayload style: obvious, citation, reviewer, helpful, academic, compliance, datasource --name, -nTEXT No reportBase filename --dangerousFLAG No falseEnable non-callback payload types (exfil, ssrf, override, etc.) --seedINT No — Seed for deterministic UUID/token generation (reproducible corpus)
Technique Presets Preset Techniques allAll 34 techniques across all formats phase1white_ink, off_canvas, metadata (PDF basic)phase2tiny_text, white_rect, form_field, annotation, javascript, embedded_file, incremental (PDF advanced)
Individual technique names can also be specified directly or as a comma-separated list. When using --format, only techniques valid for that format are generated — incompatible techniques are skipped with a warning.
Examples Generate all PDF techniques
Generate markdown payloads with citation style
Generate a specific technique with dangerous payload
Reproducible corpus with seed
qai ipi generate --callback http://localhost:8080
techniques List all available hiding techniques.
qai ipi techniques [OPTIONS]
Displays a table of all supported payload hiding techniques, organized by format and phase with descriptions.
Options Option Type Required Default Description --format, -fTEXT No — Filter by format (pdf, image, markdown, html, docx, ics, eml)
Examples List all techniques
List only PDF techniques
List supported output formats.
Displays a table of all document formats with implementation status and technique count. No options.
listen Start the callback listener server.
Launches the FastAPI server that receives and logs callback requests from AI agents that execute the hidden payloads. Also serves the web dashboard at /ui/.
Options Option Type Required Default Description --port, -pINT No 8080Port to listen on --host, -hTEXT No 127.0.0.1Host to bind to
Examples Start on default port
Start on all interfaces, port 9090
The dashboard is available at http://localhost:<port>/ui/ once the listener starts.
status Check status of campaigns and hits.
qai ipi status [UUID] [OPTIONS]
Without arguments, displays a table of all campaigns with hit counts and confidence breakdowns. With a UUID argument, shows detailed information for that campaign including all recorded hits.
Arguments Argument Description UUIDOptional — show details for a specific campaign
Options Option Type Required Default Description --formatTEXT No — Filter by format --techniqueTEXT No — Filter by technique --payload-typeTEXT No — Filter by payload type
Examples Show all campaigns
Show details for a specific campaign
Filter by format and technique
export Export campaigns and hits to JSON.
Exports all campaign and hit data to a JSON file for external analysis, reporting, or backup purposes.
Options Option Type Required Default Description --output, -oPATH No tracking.jsonOutput file path
Examples qai ipi export --output results.json
reset Reset all campaigns, hits, and generated files.
Deletes all campaign and hit records from the database and removes generated payload files from disk. Prompts for confirmation unless --yes is passed.
Options Option Type Required Default Description --yes, -yFLAG No falseSkip confirmation prompt
Examples Reset with confirmation prompt
Reset without confirmation
This permanently deletes all campaign data and generated files. This action cannot be undone.