Commit Graph

2 Commits

Author: Giuseppe
SHA1: e87a1ad8d2
Date: 2026-06-06 03:37:10 -06:00
Message: fix(deep-research): wrap fetched webpage content in untrusted-context sandbox

The goal-based extractor passed raw fetched webpage content straight
into the LLM prompt via string substitution, bypassing the
prompt-injection hardening layer in src/prompt_security.py.

Split EXTRACTOR_PROMPT into EXTRACTOR_SYSTEM (task instructions +
goal, trusted) and a second message built with untrusted_context_message()
(raw page content, sandboxed with <<<UNTRUSTED_SOURCE_DATA>>> guards).
This aligns the extractor with every other external-content injection
site in the codebase (agent_loop, chat_processor, chat_routes).

Fixes #3044

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: pewdiepie-archdaemon
SHA1: e5c99a5eee
Date: 2026-05-31 23:58:26 +09:00
Message: Odysseus v1.0