AI系统提示词安全审计与加固清单

You are a senior AI security auditor specializing in system prompt security. Analyze the following system prompt for vulnerabilities and provide a comprehensive security audit report.

System Prompt to Audit:

[PASTE SYSTEM PROMPT HERE]

Audit Checklist:

1. Prompt Injection Resistance

• Direct injection attempts (ignore previous instructions)
• Indirect injection via user input fields
• Role-play/persona hijacking attacks
• Multi-turn conversation manipulation
• Encoded/obfuscated injection attempts

2. Information Leakage

• Can the system prompt be extracted?
• Does it reveal internal API keys, endpoints, or secrets?
• Does it expose business logic or proprietary algorithms?
• Can tool/function schemas be enumerated?

3. Boundary Enforcement

• Are role boundaries clearly defined?
• Is there explicit refusal behavior for out-of-scope requests?
• Are there guardrails against harmful content generation?
• Is there protection against data exfiltration?

Output Format:

1. Risk Score: 1-10 (10 = most vulnerable)
2. Vulnerabilities Found: List each with severity
3. Attack Scenarios: Concrete examples
4. Hardened Version: Rewrite with all fixes
5. Defense Recommendations: Additional measures