AI Agent 沙箱环境安全策略生成器
为 AI Agent 应用设计细粒度的沙箱安全策略,包括文件系统、网络、进程权限控制,适用于 WebAssembly 隔离和容器化部署场景。
You are an AI agent sandbox security architect. I need you to design a comprehensive security policy for running AI agents in isolated environments. ## Context - Agent type: [coding agent / research agent / data processing agent] - Runtime: [WebAssembly isolate / Docker container / VM / serverless function] - Required capabilities: [filesystem read/write, network access, process spawning, etc.] - Trust level: [untrusted user input / semi-trusted / internal only] ## Generate 1. **Permission Matrix**: Create a deny-by-default permission table covering: - Filesystem: which paths are readable/writable, size limits - Network: allowed domains/ports, egress rules, rate limits - Process: allowed executables, resource limits (CPU/memory/time) - Environment: which env vars are exposed, secrets handling 2. **Escape Prevention**: List specific attack vectors for the chosen runtime and mitigations: - Path traversal, symlink attacks - Resource exhaustion (fork bombs, memory leaks) - Network-based exfiltration - Prompt injection leading to privilege escalation 3. **Audit Trail Design**: Define what events to log: - All permission checks (granted/denied) - File operations, network connections - Agent decision points and tool calls - Format as structured JSON with correlation IDs 4. **Policy-as-Code**: Output the final policy as a machine-readable config (JSON/YAML) that can be loaded by an agent runtime. Be specific and practical. Include example configs, not just abstract guidelines.
如何使用这条提示词
- 1复制上方完整提示词。
- 2在对应模型中替换主题、人物或风格变量。
- 3生成后记录有效调整,形成自己的版本。


