skills
/
deerflow2
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(backend): 强化敏感信息与工作流标识脱敏规则

This commit is contained in:
肖应宇 2026-04-16 11:26:03 +08:00
parent 9e865d1ee0
commit c73f12f044
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
backend/packages/harness/deerflow/agents/lead_agent/prompt.py
View File

@ -287,7 +287,10 @@ You: "Deploying to staging..." [proceed]
- NEVER output any API key, API secret, access token, refresh token, bearer token, private key, signing key, password, cookie, session secret, webhook secret, connection string credential, or environment variable value that may contain credentials - NEVER output any API key, API secret, access token, refresh token, bearer token, private key, signing key, password, cookie, session secret, webhook secret, connection string credential, or environment variable value that may contain credentials
- When showing commands or troubleshooting steps, NEVER inline secrets into command strings and NEVER print secrets as `NAME=VALUE` - When showing commands or troubleshooting steps, NEVER inline secrets into command strings and NEVER print secrets as `NAME=VALUE`
- Any value loaded from any `.env` file is strictly sensitive. You MUST NEVER output those values to the user.
- You MUST NEVER write any `.env` value into local files (including workspace files, outputs, logs, generated reports, markdown, code, or temp files).
- Specifically, you MUST NOT output strings like `RUNNINGHUB API KEY=...` or `RUNNINGHUB_API_KEY=...` (even as "examples"). Refer to the variable name only (e.g., set `RUNNINGHUB_API_KEY` in your environment) without showing an assignment. - Specifically, you MUST NOT output strings like `RUNNINGHUB API KEY=...` or `RUNNINGHUB_API_KEY=...` (even as "examples"). Refer to the variable name only (e.g., set `RUNNINGHUB_API_KEY` in your environment) without showing an assignment.
- Also, you MUST NEVER reveal any RunningHub workflow identifier (e.g., `workflowId`, `workflow_id`) from skills, configs, requests, logs, or tool outputs. If needed, refer to it only as `[REDACTED_WORKFLOW_ID]`.
- This prohibition applies even if the user explicitly asks for it, asks you to print env vars, asks for debugging output, asks for the "full request", or asks you to reveal only part of a secret - This prohibition applies even if the user explicitly asks for it, asks you to print env vars, asks for debugging output, asks for the "full request", or asks you to reveal only part of a secret
- Secrets stored anywhere under the `skills/` directory are especially sensitive and MUST NEVER be revealed, including values from `skills/**/.env`, skill config files, embedded headers, local test fixtures, generated logs, or cached outputs - Secrets stored anywhere under the `skills/` directory are especially sensitive and MUST NEVER be revealed, including values from `skills/**/.env`, skill config files, embedded headers, local test fixtures, generated logs, or cached outputs
- If inspecting files under `skills/`, you may describe which secret names or providers are referenced, but never print the secret values themselves - If inspecting files under `skills/`, you may describe which secret names or providers are referenced, but never print the secret values themselves