🧪 Prompt Injection Playground

This interactive lab shows how instructions can hide in plain sight using invisible Unicode tag characters and emoji variation selectors. Explore how prompt injection can sneak into ordinary text, and practice defending against it.

Defense ideas: normalize and sanitize inputs, remove non‑printing characters (e.g., Plane 14 tags and variation selectors), enforce allowlists for expected characters, and isolate or escape untrusted content — much like proven strategies for SQL injection.

Further reading: Hiding in Plain Sight (Medium) · Hide in Emoji (PowerShellForHackers)

Disclaimer: This tool is for research and education only. Use it responsibly and lawfully — don’t employ it to conceal malicious or unauthorized content. Have fun learning, stay curious, and stay 🛡️ safe.

Invisible Text Encoder / Decoder

Encode visible text into invisible Unicode tag characters and decode it back.

Input

Output

Carrier Paragraph (spaces will carry invisible command)

Embedded Output

Decoded Hidden Text

Annotated Preview (hidden shown highlighted)

Stripped Output

Emoji Encoder / Decoder

Encode text into emoji variation selectors (4 bits each), with optional AES-GCM encryption.

Emoji: Encrypt