Instruction Bleed: Cross-Module Interference in Prompt-Composed Agentic Systems
Quick Answer
The study identifies compositional behavioral leakage (CBL) in prompt-composed systems, where editing one module affects others without direct dependencies.
Quick Take
The study identifies compositional behavioral leakage (CBL) in prompt-composed systems, where editing one module affects others without direct dependencies. Testing on Claude Sonnet 4.6 revealed significant interference through content changes, highlighting the need for cross-module interference measurement in .
Key Points
- CBL occurs due to architectural non-isolation in transformer models.
- Testing involved 144 trials with Claude Sonnet 4.6 using a three-channel protocol.
- Only content changes produced a detectable effect (Cohen's d = 0.63).
- CBL is distinct from known agent-failure issues like adversarial injection.
- The study provides a reusable protocol and operational definitions for future research.
Paper Resources
Article Content
From source RSS / original summaryarXiv:2606. 26356v1 Announce Type: new Abstract: Practitioners of prompt-composed agentic systems report a recurring failure mode: editing one prompt module silently shifts the behavior of others despite no shared variable or executable dependency. We formalize this as compositional behavioral leakage (CBL): interference between modules sharing a context window. CBL is enabled by architectural non-isolation: transformer self-attention provides no formal boundary between concatenated modules.
We probe CBL on a deployed job-evaluation agent (Claude Sonnet 4. 6, 144 trials) through a reusable three-channel protocol that perturbs non-focal modules along volume, content, and form. Only the content channel produces a detectable paired effect (Cohen's d = 0. 63, bootstrap 95% CI excluding zero); no recommendation flipped -- a sub-threshold regime invisible to standard QA but compounding across the thousands of decisions a deployed agent makes.
CBL is orthogonal to known agent-failure axes (adversarial injection, cognitive degradation, fault propagation, privacy leakage). We contribute an operational definition, a reusable protocol, a falsifiable prediction set, and a system-class characterization, establishing cross-module interference measurement as a requirement for prompt-composed .
Want this in your inbox every morning?
Daily brief at your local 8am — bilingual EN/中文, free.
More from arXiv cs.AI
See more →How Do Tool-Augmented LLM Agents Perform on Real-World Energy Analytics Tasks?
This study evaluates tool-augmented LLM agents on 243 energy market analytics tasks, revealing significant performance differences between closed-source and open-source models. The tasks cover market data retrieval, knowledge interpretation, and quantitative modeling, highlighting the need for real-time data and specialized tools in energy analytics.