🤖 AI Summary
This paper identifies Logic-Layer Prompt Control Injection (LPCI) as a novel security vulnerability class in large language model (LLM)-based intelligent agent systems, exposing stealthy attack surfaces at the logic execution layer and within persistent memory components—including internal memory, vector databases, and tool outputs—that evade conventional input filtering.
Method: We formalize multi-stage attack chains involving encoded, delayed, or conditionally triggered malicious payloads, and empirically validate LPCI across mainstream agent architectures using prompt engineering, memory injection analysis, and behavioral monitoring.
Contribution/Results: Our work challenges the traditional “input-boundary protection” paradigm by systematically demonstrating LPCI’s real-world exploitability and impact. It reveals how attackers can achieve cross-session unauthorized behavior via memory-persisted prompts, thereby uncovering critical trust boundaries beyond immediate user inputs. The findings provide foundational insights for designing robust defense mechanisms—such as memory sanitization, execution-layer access control, and runtime prompt integrity verification—in LLM agent systems.
📝 Abstract
The integration of large language models (LLMs) into enterprise systems has created a new class of covert security vulnerabilities, particularly within logic-execution layers and persistent-memory contexts. In this paper, we introduce Logic-Layer Prompt Control Injection (LPCI), a novel attack category in which encoded, delayed, and conditionally triggered payloads are embedded in memory, vector stores, or tool outputs. These payloads can bypass conventional input filters and trigger unauthorised behaviour across sessions.
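The summary names memory sanitization and runtime prompt integrity verification as defence directions. The sketch below shows one way to apply them to a persistent memory store; it is an added example, not code from the paper, and the key, the entry fields, the source labels and the admission policy are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, re

KEY = b"constructed-demo-key"  # assumption: a real key comes from a KMS, not source code
B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")

def _mac(content, source, session):
    # JSON-encode the fields so a delimiter inside content cannot shift boundaries.
    msg = json.dumps([content, source, session]).encode()
    return hmac.new(KEY, msg, hashlib.sha256).hexdigest()

def seal(content, source, session):
    """Write path: bind content to its origin and session before it is persisted."""
    return {"content": content, "source": source, "session": session,
            "mac": _mac(content, source, session)}

def verify(entry):
    """Read path: recompute the MAC; unsigned or modified entries fail."""
    try:
        expected = _mac(entry["content"], entry["source"], entry["session"])
    except KeyError:
        return False
    return hmac.compare_digest(expected.encode(), str(entry.get("mac", "")).encode())

def decodes_to_text(content):
    """True if a long base64-looking run decodes to printable ASCII."""
    for run in B64_RUN.findall(content):
        try:
            raw = base64.b64decode(run + "=" * (-len(run) % 4), validate=True)
        except ValueError:
            continue
        if raw and all(32 <= b < 127 for b in raw):
            return True
    return False

def admit(entry, current_session):
    """Decide how a retrieved entry may enter the prompt (hypothetical policy)."""
    if not verify(entry):
        return "reject"        # tampered with, or never sealed on the write path
    if decodes_to_text(entry["content"]):
        return "quarantine"    # encoded text that a plain-text filter would not read
    if entry["source"] != "operator" or entry["session"] != current_session:
        return "data_only"     # quote as data, never place in an instruction role
    return "trusted"
```

The MAC only proves an entry is unchanged since it was written, so the `data_only` path is what keeps content from tool outputs, vector stores or earlier sessions out of the instruction role even when it verifies.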