Files
codeql/python/ql/lib/semmle/python/frameworks/agent.model.yml
2026-07-02 15:59:39 +02:00

16 lines
1.0 KiB
YAML

extensions:
- addsTo:
pack: codeql/python-all
extensible: sinkModel
data:
# Agent instructions, handoff descriptions and tool descriptions are system-level prompts
- ['agents', 'Member[Agent].Argument[instructions:]', 'system-prompt-injection']
- ['agents', 'Member[Agent].Argument[handoff_description:]', 'system-prompt-injection']
- ['agents', 'Member[Agent].ReturnValue.Member[as_tool].Argument[1,tool_description:]', 'system-prompt-injection']
- ['agents', 'Member[FunctionTool].Argument[description:]', 'system-prompt-injection']
# The `@function_tool` decorator's explicit description override is a model-facing instruction
- ['agents', 'Member[function_tool].Argument[description_override:]', 'system-prompt-injection']
# The input passed to a run is user-level content
- ['agents', 'Member[Runner].Member[run,run_sync,run_streamed].Argument[1]', 'user-prompt-injection']
- ['agents', 'Member[Runner].Member[run,run_sync,run_streamed].Argument[input:]', 'user-prompt-injection']