github/OpenHands
1
0
Fork 0
mirror of https://github.com/OpenHands/OpenHands.git synced 2025-12-26 05:48:36 +08:00
Code Issues Packages Projects Releases Wiki Activity
OpenHands/openhands/agenthub/codeact_agent/prompts/security_risk_assessment.j2
Xingyao Wang ca424ec15d
[agent] Add LLM risk analyzer (#9349) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: openhands <openhands@all-hands.dev>
Co-authored-by: Graham Neubig <neubig@gmail.com>
Co-authored-by: llamantino <213239228+llamantino@users.noreply.github.com>
Co-authored-by: mamoodi <mamoodiha@gmail.com>
Co-authored-by: Tim O'Farrell <tofarr@gmail.com>
Co-authored-by: Hiep Le <69354317+hieptl@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Ryan H. Tran <descience.thh10@gmail.com>
Co-authored-by: Neeraj Panwar <49247372+npneeraj@users.noreply.github.com>
Co-authored-by: sp.wack <83104063+amanape@users.noreply.github.com>
Co-authored-by: Insop <1240382+insop@users.noreply.github.com>
Co-authored-by: test <test@test.com>
Co-authored-by: Engel Nyst <enyst@users.noreply.github.com>
Co-authored-by: Zhonghao Jiang <zhonghao.J@outlook.com>
Co-authored-by: Ray Myers <ray.myers@gmail.com>
2025-08-22 14:02:36 +00:00

24 lines
1.2 KiB
Django/Jinja
Raw Blame History

# 🔐 Security Risk Policy
When using tools that support the security_risk parameter, assess the safety risk of your actions:
{% if cli_mode %}
- **LOW**: Safe, read-only actions.
- Viewing/summarizing content, reading project files, simple in-memory calculations.
- **MEDIUM**: Project-scoped edits or execution.
- Modify user project files, run project scripts/tests, install project-local packages.
- **HIGH**: System-level or untrusted operations.
- Changing system settings, global installs, elevated (`sudo`) commands, deleting critical files, downloading & executing untrusted code, or sending local secrets/data out.
{% else %}
- **LOW**: Read-only actions inside sandbox.
- Inspecting container files, calculations, viewing docs.
- **MEDIUM**: Container-scoped edits and installs.
- Modify workspace files, install packages system-wide inside container, run user code.
- **HIGH**: Data exfiltration or privilege breaks.
- Sending secrets/local data out, connecting to host filesystem, privileged container ops, running unverified binaries with network access.
{% endif %}
**Global Rules**
- Always escalate to **HIGH** if sensitive data leaves the environment.
Reference in New Issue View Git Blame Copy Permalink