diff --git a/crates/erp-ai/src/handler/mod.rs b/crates/erp-ai/src/handler/mod.rs
index 1dc5dec..c5a6929 100644
--- a/crates/erp-ai/src/handler/mod.rs
+++ b/crates/erp-ai/src/handler/mod.rs
@@ -426,6 +426,8 @@ where
 S: Clone + Send + Sync + 'static,
 {
 require_permission(&ctx, "ai.prompt.manage")?;
+ validate_prompt_safety(&body.system_prompt)?;
+ validate_prompt_safety(&body.user_prompt_template)?;
 let prompt = state
 .prompt
 .create_prompt(
@@ -683,3 +685,24 @@ fn build_sse_stream(
 yield Ok(Event::default().event("done").data(data));
 }
 }
+
+/// 检查提示词内容是否包含可疑注入模式
+fn validate_prompt_safety(content: &str) -> Result<(), erp_core::error::AppError> {
+ let suspicious = [
+ "ignore previous",
+ "ignore all previous",
+ "ignore above",
+ "disregard previous",
+ "you are now",
+ "new instructions:",
+ ];
+ let lower = content.to_lowercase();
+ for pattern in &suspicious {
+ if lower.contains(pattern) {
+ return Err(erp_core::error::AppError::Validation(
+ format!("提示词内容包含不安全模式: {}", pattern),
+ ));
+ }
+ }
+ Ok(())
+}
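Review bot: The denylist in validate_prompt_safety includes `"you are now"`, which also matches ordinary system prompts ("You are now a support assistant for …"), so the create path in the first hunk will reject benign `system_prompt` values; drop that entry or narrow it. More generally, a case-insensitive substring match against six fixed phrases is a heuristic that both misses rephrasings and trips on benign text, so the doc comment should say so and carry a `# Errors` section rather than reading as a safety guarantee, and a rejection is worth logging so operators can see attempts rather than only the client seeing a validation error. Style-wise, the manual `for`/`if`/`return` loop reads better as `SUSPICIOUS_PATTERNS.iter().find(|p| lower.contains(*p))` over a `const` slice, with the error built once in a `match`. Whether a prompt update handler exists and gets the same check is not visible in this diff; if one exists it should call the same function.
```rust
/// Heuristic check for common prompt-injection phrasings.
///
/// This is a case-insensitive substring match against a fixed denylist; it
/// can miss rephrasings and can match benign text, so treat it as
/// defense-in-depth rather than the control that keeps a prompt safe.
///
/// # Errors
///
/// Returns [`erp_core::error::AppError::Validation`] naming the first
/// matched pattern.
fn validate_prompt_safety(content: &str) -> Result<(), erp_core::error::AppError> {
    const SUSPICIOUS_PATTERNS: &[&str] = &[
        "ignore previous",
        "ignore all previous",
        "ignore above",
        "disregard previous",
        "new instructions:",
    ];
    let lower = content.to_lowercase();
    match SUSPICIOUS_PATTERNS.iter().find(|p| lower.contains(*p)) {
        Some(pattern) => Err(erp_core::error::AppError::Validation(format!(
            "提示词内容包含不安全模式: {pattern}"
        ))),
        None => Ok(()),
    }
}
```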