hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-15 03:54:02 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
628f85aebcf23ee9a7a944c8ca8d00aefc00b8eb
codeql/python/ql/test/experimental/query-tests/Security/CWE-1427-PromptInjection/agent_instructions.py
Owen Mansel-Chan 5a97348e78 python: Inline expectation should have space after $ 
This was a regex-find-replace from `# \$(?! )` (using a negative lookahead) to `# $ `.
2026-03-04 12:45:05 +00:00

39 lines
984 B
Python
Raw Blame History

from agents import Agent, Runner
from flask import Flask, request # $ Source
app = Flask(__name__)
@app.route("/parameter-route")
def get_input1():
input = request.args.get("input")
agent = Agent(name="Assistant", instructions="This prompt is customized for " + input) # $ Alert[py/prompt-injection]
result = Runner.run_sync(agent, "This is a user message.")
print(result.final_output)
@app.route("/parameter-route")
def get_input2():
input = request.args.get("input")
agent = Agent(name="Assistant", instructions="This prompt is not customized.")
result = Runner.run_sync(
agent=agent,
input=[
{
"role": "user",
"content": input, # $ Alert[py/prompt-injection]
}
]
)
result2 = Runner.run_sync(
agent,
[
{
"role": "user",
"content": input, # $ Alert[py/prompt-injection]
}
]
)
Reference in New Issue View Git Blame Copy Permalink