Escape config file name in agent prompt to prevent prompt injection

JSON-encode configFileName in buildConfigUpdatePrompt, matching the
existing treatment of config paths/values, so a file name containing a
backtick can't break out of the prompt's code span.

Co-Authored-By: mantra <mantra@stack-auth.com>
Devin AI 2026-06-02 20:34:47 +00:00
parent 91920ac661
commit 197eda83f9


@ -352,9 +352,13 @@ function buildConfigUpdatePrompt(configFileName: string, configUpdate: Config):
return `- ${JSON.stringify(configPath)}: set to ${JSON.stringify(value)}`;
}).join("\n");
// The file name comes from the on-disk path (effectively untrusted), so it's
// JSON-encoded for the same reason the change paths/values are above: a name
// containing a backtick would otherwise break out of this code span and could
// inject extra instructions into the prompt.
return `You are editing a Hexclave / Stack Auth configuration file in place. Apply a set of configuration changes WITHOUT changing how the file is written.
Config file: \`${configFileName}\` (in the current working directory).
Config file: ${JSON.stringify(configFileName)} (in the current working directory).
The file exports a \`config\` object (it may be wrapped in a helper such as \`defineStackConfig(...)\`). Some config values may be sourced from other files via imports, for example:
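Review bot: The new comment above the `return` says the encoding stops a backtick from breaking out of "this code span", but after this change the name is no longer in a backtick code span at all; `${JSON.stringify(configFileName)}` renders it as a double-quoted JSON string, so the actual protection is that double quotes, backslashes and control characters (newlines in particular) are escaped and the name stays on one line. Suggest rewording the comment to say that, and noting that it only neutralises delimiters; the encoded name is still untrusted text inside the prompt. No test accompanies the change: a unit test that calls `buildConfigUpdatePrompt` with a name containing a backtick, a double quote and a newline and asserts the prompt contains the single-line escaped form (and no raw newline in that line) would pin the behaviour this commit claims.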