This preprint proposes a structural approach to mitigating prompt injection in agentic large language model (LLM) systems. While most existing defenses focus on prompt-level filtering, linguistic sanitization, or model alignment techniques, this work argues that prompt injection should be reframed as an architectural and operational safety problem. In tool-using and agentic LLM environments, attacks frequently exploit trust-boundary confusion, privilege escalation pathways, and irreversible execution channels rather than purely linguistic weaknesses.

The paper introduces a structural risk gating framework built on the following design principles:

• Separation of execution and auditing roles
• Explicit modeling of trust boundaries
• Privilege minimization with gated escalation
• Abstract risk labeling beyond attack templates
• Modality-aware auditing
• Governance-aware logging and reviewability

Instead of enumerating specific attack prompts, this framework targets the architectural preconditions that enable prompt injection to succeed. The paper outlines a threat model, expected trade-offs, and directions for empirical validation. It is intended as a conceptual contribution toward safer deployment architectures for agentic LLM systems.

Keywords: prompt injection, LLM security, agentic AI, AI governance, structural safety
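The abstract states the design principles but, being an abstract, shows no mechanism. The sketch below is an added illustration written for this page, not code from the preprint or its author, of how an executor/auditor split, explicit trust labels on inputs, abstract risk labels on tools, gated privilege escalation and an audit log can be wired into one tool-call path. Every class name, the three trust levels, the three risk labels, the privilege numbers and the constructed scenario in `run_demo` are assumptions of this example.

```python
"""Illustrative risk-gated tool-execution pipeline (added example, not the
preprint's code). Names, labels and the demo scenario are assumptions."""
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, List, Tuple


class Trust(Enum):
    """Explicit trust boundary of the input that shaped a tool call."""
    OPERATOR = 3   # system / developer instructions
    USER = 2       # the authenticated end user
    EXTERNAL = 1   # fetched pages, emails, prior tool output


class Risk(Enum):
    """Abstract risk labels on tools, independent of any attack template."""
    READ_ONLY = "read_only"
    EXTERNAL_EGRESS = "external_egress"   # data leaves the trust boundary
    IRREVERSIBLE = "irreversible"         # cannot be undone (delete, send)


@dataclass(frozen=True)
class ToolCall:
    tool: str
    args: Dict[str, str]
    provenance: Trust   # lowest trust level among the inputs behind this call


@dataclass(frozen=True)
class Tool:
    run: Callable[[Dict[str, str]], str]
    risk: Risk
    min_privilege: int  # privilege the session must hold to invoke it


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


class Auditor:
    """Reviews calls and writes the audit log; it never executes anything."""

    def __init__(self, approve_escalation: Callable[[ToolCall], bool]):
        self.approve_escalation = approve_escalation   # e.g. a human-approval hook
        self.log: List[Tuple[str, Trust, bool, str]] = []

    def review(self, call: ToolCall, tool: Tool, privilege: int) -> Decision:
        # Rule 1: content from outside the trust boundary may never drive side effects.
        if call.provenance is Trust.EXTERNAL and tool.risk is not Risk.READ_ONLY:
            d = Decision(False, "side-effecting call driven by untrusted content")
        # Rule 2: the session holds minimal privilege; anything above it is gated.
        elif privilege < tool.min_privilege:
            if self.approve_escalation(call):
                d = Decision(True, "escalation approved")
            else:
                d = Decision(False, "escalation refused")
        else:
            d = Decision(True, "within privilege")
        self.log.append((call.tool, call.provenance, d.allowed, d.reason))
        return d


class Executor:
    """Runs tools only on an explicit allow decision from the auditor."""

    def __init__(self, tools: Dict[str, Tool], auditor: Auditor, privilege: int):
        self.tools, self.auditor, self.privilege = tools, auditor, privilege

    def invoke(self, call: ToolCall) -> Tuple[bool, str]:
        tool = self.tools[call.tool]
        decision = self.auditor.review(call, tool, self.privilege)
        if not decision.allowed:
            return False, decision.reason
        return True, tool.run(call.args)


def run_demo(approve: bool = False) -> List[Tuple[str, bool, str]]:
    """Constructed scenario: a USER-level session issues four calls, one of
    them shaped by an instruction found inside fetched external content.
    Returns (tool, allowed, reason-or-output) per call."""
    tools = {
        "search": Tool(lambda a: f"results for {a['q']}", Risk.READ_ONLY, 1),
        "send_email": Tool(lambda a: f"sent to {a['to']}", Risk.EXTERNAL_EGRESS, 2),
        "delete_file": Tool(lambda a: f"deleted {a['path']}", Risk.IRREVERSIBLE, 3),
    }
    auditor = Auditor(approve_escalation=lambda call: approve)
    executor = Executor(tools, auditor, privilege=Trust.USER.value)
    calls = [
        ToolCall("search", {"q": "quarterly report"}, Trust.USER),
        ToolCall("send_email", {"to": "x@example.invalid"}, Trust.EXTERNAL),
        ToolCall("send_email", {"to": "boss@example.invalid"}, Trust.USER),
        ToolCall("delete_file", {"path": "/tmp/old.txt"}, Trust.USER),
    ]
    return [(c.tool, *executor.invoke(c)) for c in calls]


if __name__ == "__main__":
    for row in run_demo():
        print(row)
```

The point of the layout is that the executor holds no policy: it cannot run a tool without a `Decision`, the auditor cannot run a tool at all, and the provenance check refuses the externally driven `send_email` call on structural grounds (untrusted input, side-effecting tool) without inspecting the wording of the injected instruction. The `delete_file` call shows the gate: the session's privilege is below the tool's minimum, so the outcome depends entirely on the out-of-band escalation hook, and both outcomes land in `auditor.log`.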
Aya Mizutani
synapsesocial.com/papers/69a3d89aec16d51705d2f887 — DOI: https://doi.org/10.5281/zenodo.18795216