Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Sotiris Dragonas
2026-06-16 11:57:58 +03:00
committed by GitHub
parent d72372c246
commit 8f965a9614

@@ -18,7 +18,7 @@ context, or trigger unintended tool calls.</p>
<recommendation>
<p>To mitigate user prompt injection:</p>
<ul>
<li>Ensure that all data flowing into user-input is intended and necessary for the purpose of the AI system.</li>
<li>Ensure that all data flowing into user input is intended and necessary for the purpose of the AI system.</li>
<li>Ensure the system prompt clearly describes the purpose, scope and boundaries of the AI system. Instruct the system to deny input that falls outside these boundaries.</li>
<li>If creating a prompt out of multiple user-controlled values, assume that each of them can be malicious. Ensure the range of possible values is restricted and validated.
For example, if a prompt includes a question and the intended language to respond in, validate that the language is one of the supported options.</li>
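Review bot: the rewritten first list item now says "user input", but the sentence introducing the list calls the issue "user prompt injection", so the recommendation and its lead-in still use two different terms for what looks like the same thing. If the item means the user-role part of the prompt, consider "the user prompt" (or define "user input" once in the overview) so readers do not take it to mean any end-user-supplied value in the application. The commit carries only a Co-authored-by trailer; a one-line subject such as "Fix hyphenation in user prompt injection help" would make the wording-only nature of the change clear in the history.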