From d9818c263e94536ffc5dd6b965d22efd78c18c9a Mon Sep 17 00:00:00 2001
From: iven
Date: Wed, 6 May 2026 10:21:35 +0800
Subject: [PATCH] =?UTF-8?q?fix(ai):=20AI=20=E6=8F=90=E7=A4=BA=E8=AF=8D?=
 =?UTF-8?q?=E6=A8=A1=E6=9D=BF=E6=B7=BB=E5=8A=A0=E5=AE=89=E5=85=A8=E6=A3=80?=
 =?UTF-8?q?=E6=9F=A5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 crates/erp-ai/src/handler/mod.rs | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/crates/erp-ai/src/handler/mod.rs b/crates/erp-ai/src/handler/mod.rs
index 1dc5dec..c5a6929 100644
--- a/crates/erp-ai/src/handler/mod.rs
+++ b/crates/erp-ai/src/handler/mod.rs
@@ -426,6 +426,8 @@ where
 S: Clone + Send + Sync + 'static,
 {
 require_permission(&ctx, "ai.prompt.manage")?;
+ validate_prompt_safety(&body.system_prompt)?;
+ validate_prompt_safety(&body.user_prompt_template)?;
 let prompt = state
 .prompt
 .create_prompt(
@@ -683,3 +685,24 @@ fn build_sse_stream(
 yield Ok(Event::default().event("done").data(data));
 }
 }
+
+/// 检查提示词内容是否包含可疑注入模式
+fn validate_prompt_safety(content: &str) -> Result<(), erp_core::error::AppError> {
+ let suspicious = [
+ "ignore previous",
+ "ignore all previous",
+ "ignore above",
+ "disregard previous",
+ "you are now",
+ "new instructions:",
+ ];
+ let lower = content.to_lowercase();
+ for pattern in &suspicious {
+ if lower.contains(pattern) {
+ return Err(erp_core::error::AppError::Validation(
+ format!("提示词内容包含不安全模式: {}", pattern),
+ ));
+ }
+ }
+ Ok(())
+}
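Review bot: The two added `validate_prompt_safety` calls cover only the create path; if this file also has an update/edit handler for prompts (not visible in this hunk), the same two calls belong there as well, otherwise a template can be created clean and then edited past the check. Placing the check after `require_permission` is the right order, since callers without the permission learn nothing about the validation rules. The enclosing handler starts before the hunk and its body continues after it.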
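Review bot: `validate_prompt_safety` is a plain substring denylist and should be documented as a heuristic rather than a security control: `content.to_lowercase()` plus `contains` does not match `ignore\nprevious`, `ignore the previous`, or any non-English phrasing, even though the rest of this file reports to users in Chinese while the list carries only English phrases. It also rejects ordinary benign templates — "you are now" is a common system-prompt opener — and since callers already hold `ai.prompt.manage`, the people blocked are the administrators the check is not aimed at. I would replace the doc comment with one stating that this is best-effort defence in depth over a fixed English list that may reject benign text, collapse whitespace before matching so the obvious line-break evasion is caught, and hoist the list into a `const` with an iterator lookup as below.
```rust
/// Best-effort screen of a prompt template for well-known injection phrases.
///
/// This is a fixed, English-only substring denylist: defence in depth, not a
/// security boundary, and it can reject benign text (e.g. "you are now").
fn validate_prompt_safety(content: &str) -> Result<(), erp_core::error::AppError> {
    const SUSPICIOUS: &[&str] = &[
        // … unchanged: pattern list …
    ];
    // Collapse newlines and whitespace runs so "ignore\n  previous" still matches.
    let normalized = content
        .split_whitespace()
        .collect::<Vec<_>>()
        .join(" ")
        .to_lowercase();
    match SUSPICIOUS.iter().find(|p| normalized.contains(*p)) {
        Some(pattern) => Err(erp_core::error::AppError::Validation(format!(
            "提示词内容包含不安全模式: {}",
            pattern
        ))),
        None => Ok(()),
    }
}
```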