Files
codeql/python/ql/lib/semmle/python/frameworks/google-genai.model.yml
2026-07-02 15:59:39 +02:00

26 lines
1.8 KiB
YAML

extensions:
- addsTo:
pack: codeql/python-all
extensible: sinkModel
data:
# `system_instruction` on the generation config is a system-level prompt
- ['google', 'Member[genai].Member[types].Member[GenerateContentConfig].Argument[system_instruction:]', 'system-prompt-injection']
# The Live API connect config carries a system instruction
- ['google', 'Member[genai].Member[types].Member[LiveConnectConfig].Argument[system_instruction:]', 'system-prompt-injection']
# Cached content carries a system instruction and user content
- ['google', 'Member[genai].Member[types].Member[CreateCachedContentConfig].Argument[system_instruction:]', 'system-prompt-injection']
# A tool/function declaration description is a model-facing instruction
- ['google', 'Member[genai].Member[types].Member[FunctionDeclaration].Argument[description:]', 'system-prompt-injection']
- ['google', 'Member[genai].Member[types].Member[CreateCachedContentConfig].Argument[contents:]', 'user-prompt-injection']
# User-level content
- ['GoogleGenAI', 'Member[models].Member[generate_content,generate_content_stream].Argument[contents:]', 'user-prompt-injection']
- ['GoogleGenAI', 'Member[models].Member[generate_images,generate_videos,edit_image].Argument[prompt:]', 'user-prompt-injection']
- ['GoogleGenAI', 'Member[chats].Member[create].ReturnValue.Member[send_message,send_message_stream].Argument[0]', 'user-prompt-injection']
- ['GoogleGenAI', 'Member[chats].Member[create].ReturnValue.Member[send_message,send_message_stream].Argument[message:]', 'user-prompt-injection']
- addsTo:
pack: codeql/python-all
extensible: typeModel
data:
- ['GoogleGenAI', 'google', 'Member[genai].Member[Client].ReturnValue']