greshake/llm-security
Security research demonstrating indirect prompt injection vulnerabilities and attack techniques targeting integrated language models.

This repository presents proof-of-concept demonstrations of a new class of vulnerabilities affecting LLMs integrated into applications. It shows how indirect prompt injections can enable remote control of the LLM, exfiltration of user data, persistent compromise across sessions, and attacks on code-completion engines such as Copilot. The work is based on an academic paper published on arXiv and includes working demos for GPT-4, GPT-3, and LangChain-based applications.