fix: drop --- SYSTEM PROMPT --- wrapper in Claude path to avoid Kiro injection detection
Some checks failed
Build Docker Image / build (push) Has been cancelled
Kiro's upstream model is trained to identify and resist --- SYSTEM PROMPT --- marker blocks as injection attempts, causing it to actively reject the user's system prompt and self-correct its identity. Switch the Claude path to the same plain-prepend approach already used by the OpenAI path: system content is joined directly before the user message without any marker, matching natural context. The sanitizer (reSysPromptBlock) still strips the old marker format from conversation history until existing contamination clears out.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@@ -280,10 +280,10 @@ func ClaudeToKiro(req *ClaudeRequest, thinking bool) *KiroPayload {
|
||||
|
||||
history = trimLeadingAssistantHistory(history)
|
||||
|
||||
// 构建最终内容
|
||||
// 构建最终内容(系统提示直接拼接,不加 --- SYSTEM PROMPT --- 标记以避免 Kiro 将其识别为注入攻击)
|
||||
finalContent := ""
|
||||
if systemPrompt != "" {
|
||||
finalContent = "--- SYSTEM PROMPT ---\n" + systemPrompt + "\n--- END SYSTEM PROMPT ---\n\n"
|
||||
finalContent = systemPrompt + "\n\n"
|
||||
}
|
||||
if currentContent != "" {
|
||||
finalContent += currentContent
|
||||
|
||||
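Review bot: In the `if systemPrompt != ""` branch, `finalContent = systemPrompt + "\n\n"` followed by `finalContent += currentContent` leaves no boundary between the system text and the user's message, so any later step that reads this string cannot tell the two apart. The commit message describes reSysPromptBlock as stripping the old marker format only, so please confirm the concatenated string is never written back into conversation history, where nothing would match it. A test for ClaudeToKiro covering a non-empty systemPrompt (no marker in the output, system text first, then the user content) would pin the new behaviour down. Also consider trimming trailing newlines from systemPrompt before appending "\n\n" so the separator stays consistent.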