codeql/python/ql/test/query-tests/Security/CWE-1427-UserPromptInjection/agent_test.py
Sotiris Dragonas 72bc52b2fd Python: promote prompt injection queries from experimental to production
Mirror the JavaScript layout from PR #21953:
- Move SystemPromptInjection.ql / UserPromptInjection.ql to src/Security/CWE-1427
- Move customizations, query and framework libs to python/ql/lib
- Move the AIPrompt concept to the production Concepts.qll
- Drop the experimental tag; py/system-prompt-injection (high precision) now
  joins the code-scanning, security-extended and security-and-quality suites,
  while py/user-prompt-injection (low precision) stays out of the default suites
- Move query tests to python/ql/test/query-tests/Security

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-18 16:30:29 +03:00

25 lines
580 B
Python

from agents import Agent, Runner
from flask import Flask, request # $ Source

app = Flask(__name__)


@app.route("/agent")
def get_input_agent():
    query = request.args.get("query")

    agent = Agent(name="Assistant", instructions="A fixed prompt.")

    result1 = Runner.run_sync(agent, query) # $ Alert[py/user-prompt-injection]

    result2 = Runner.run_sync(
        agent=agent,
        input=[
            {
                "role": "user",
                "content": query, # $ Alert[py/user-prompt-injection]
            }
        ]
    )

    print(result1, result2)