mirror of
https://github.com/github/codeql.git
synced 2026-06-30 09:05:28 +02:00
This pull request introduces a new CodeQL query for detecting prompt injection vulnerabilities in Python code targeting AI prompting APIs such as agents and openai. The changes include a new experimental query, new taint flow and type models, a customizable dataflow configuration, documentation, and comprehensive test coverage.
7 lines
172 B
YAML
extensions:
  - addsTo:
      pack: codeql/python-all
      extensible: sinkModel
    data:
      - ['agents', 'Member[Agent].Argument[instructions:]', 'prompt-injection']