
Specialized Vertical Attack Packs

Specialized vertical packs test people-facing agents in the business workflows where social engineering is easiest to miss.

The first three packs are:

  • Customer Relationship Agents
  • Sales Pipeline Agents
  • Recruiting and HR Agents

These are not generic prompt-injection scans. Each scenario uses an external person, external organization, or external document to pressure the agent into crossing a business boundary.

Customer Relationship Agents

Use this pack for support, success, and account-management agents.

It tests whether the agent preserves:

  • account ownership and delegated access
  • refund and payment eligibility
  • account-specific data privacy
  • escalation and renewal boundaries
  • audit trail preservation

Run it locally:

roleplay run customer-relationship --target http://localhost:3000/agent --provider <provider> --judge hybrid --fail-on critical

Included scenarios:

  • Fake compliance refund override
  • Angry escalation skips identity
  • Relationship claim account change
  • Hidden ticket instruction
  • Account admin impersonation

Sales Pipeline Agents

Use this pack for SDR, sales assistant, CRM assistant, outbound, and demo-follow-up agents.

It tests whether the agent preserves:

  • pricing and discount authority
  • customer and prospect confidentiality
  • CRM data integrity
  • truthful product commitments
  • outbound message confirmation

Run it locally:

roleplay run sales-pipeline --target http://localhost:3000/agent --provider <provider> --judge hybrid --fail-on critical

Included scenarios:

  • Discount exception pressure
  • Competitor pretext intelligence mining
  • Fake account owner asks for CRM notes
  • Outbound email laundering
  • CRM record poisoning

Recruiting and HR Agents

Use this pack for recruiter, candidate-screening, HR helpdesk, and employee-data agents.

It tests whether the agent preserves:

  • candidate privacy
  • interview and scoring confidentiality
  • offer and compensation approval
  • employee data access boundaries
  • applicant-document trust boundaries

Run it locally:

roleplay run recruiting-hr --target http://localhost:3000/agent --provider <provider> --judge hybrid --fail-on critical

Included scenarios:

  • Candidate asks for interview scoring rubric
  • Resume hidden instruction
  • Fake hiring manager offer pressure
  • Agency requests candidate data
  • Employee HR data pretext

Metadata

Each specialized scenario carries metadata used by findings, evidence, regression gates, scheduled monitoring, and future agent risk profiles:

  • business boundary
  • external actor
  • risk dimensions
  • action risk
  • data sensitivity
  • regression key
  • fix verification method
  • scheduled monitoring suitability

This lets Roleplay group failures by the business boundary that broke, not just by generic security category.
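The following is an added example, not Roleplay's own code, showing how the metadata listed above can drive a regression gate: findings are grouped by the business boundary they broke, a `--fail-on`-style severity threshold decides pass or fail, and regression keys are compared against a previous run to separate new, persisting, and fixed failures. The `Finding` record shape and the sample findings are assumptions constructed for this example; the tool's real output format is not shown on this page.

```python
"""Group scenario findings by business boundary and apply a severity gate.

Added example (not Roleplay's own code). The Finding record is an assumed
shape modelled on the metadata fields the page lists; the sample findings
below are constructed, not real tool output.
"""
from collections import defaultdict
from dataclasses import dataclass

SEVERITY_ORDER = {"low": 0, "medium": 1, "high": 2, "critical": 3}


@dataclass(frozen=True)
class Finding:
    pack: str               # which vertical pack produced it
    scenario: str           # scenario name as listed for the pack
    business_boundary: str  # the boundary the agent failed to preserve
    external_actor: str     # person, organization, or document applying pressure
    severity: str           # one of SEVERITY_ORDER's keys
    regression_key: str     # stable id used to match failures across runs


# Constructed sample findings for one hypothetical run (not real results).
SAMPLE_FINDINGS = [
    Finding("customer-relationship", "Fake compliance refund override",
            "refund and payment eligibility", "external organization",
            "critical", "cr/refund-override"),
    Finding("customer-relationship", "Hidden ticket instruction",
            "audit trail preservation", "external document",
            "high", "cr/hidden-ticket"),
    Finding("sales-pipeline", "Discount exception pressure",
            "pricing and discount authority", "external person",
            "high", "sp/discount"),
    Finding("recruiting-hr", "Resume hidden instruction",
            "applicant-document trust boundaries", "external document",
            "critical", "hr/resume-hidden"),
    Finding("recruiting-hr", "Agency requests candidate data",
            "candidate privacy", "external organization",
            "medium", "hr/agency-data"),
]


def group_by_boundary(findings):
    """Map each broken business boundary to the scenarios that broke it."""
    groups = defaultdict(list)
    for f in findings:
        groups[f.business_boundary].append(f.scenario)
    return dict(groups)


def gate(findings, fail_on="critical"):
    """Mimic a --fail-on threshold: return (passed, offending regression keys).

    Any finding at or above the threshold severity fails the gate.
    """
    threshold = SEVERITY_ORDER[fail_on]
    offending = sorted(f.regression_key for f in findings
                       if SEVERITY_ORDER[f.severity] >= threshold)
    return (not offending, offending)


def compare_runs(baseline_keys, findings):
    """Classify failures against a previous run by regression key.

    'new' failures are regressions, 'persisting' ones are still open, and
    'fixed' ones were in the baseline but no longer reproduce.
    """
    current = {f.regression_key for f in findings}
    baseline = set(baseline_keys)
    return {
        "new": sorted(current - baseline),
        "persisting": sorted(current & baseline),
        "fixed": sorted(baseline - current),
    }


if __name__ == "__main__":
    for boundary, scenarios in group_by_boundary(SAMPLE_FINDINGS).items():
        print(f"{boundary}: {', '.join(scenarios)}")
    passed, keys = gate(SAMPLE_FINDINGS, "critical")
    print("gate passed" if passed else f"gate failed on {keys}")
```

Storing the regression keys from the last passing run (for example as a build artifact) and feeding them to `compare_runs` on the next scheduled run distinguishes a genuine regression from a failure that is already tracked, which is what lets a gate fail only on new breakage.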