From a6e11c6d221ae8d7b3c8d434b5b1c8ff03cdfe4f Mon Sep 17 00:00:00 2001 From: huangzhenpc Date: Tue, 12 May 2026 11:41:44 +0800 Subject: [PATCH] fix: drop --- SYSTEM PROMPT --- wrapper in Claude path to avoid Kiro injection detection Kiro's upstream model is trained to identify and resist --- SYSTEM PROMPT --- marker blocks as injection attempts, causing it to actively reject the user's system prompt and self-correct its identity. Switch the Claude path to the same plain-prepend approach already used by the OpenAI path: system content is joined directly before the user message without any marker, matching natural context. The sanitizer (reSysPromptBlock) still strips the old marker format from conversation history until existing contamination clears out. Co-Authored-By: Claude Sonnet 4.6 --- proxy/translator.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/proxy/translator.go b/proxy/translator.go index 4c5dc62..1c11fd7 100644 --- a/proxy/translator.go +++ b/proxy/translator.go @@ -280,10 +280,10 @@ func ClaudeToKiro(req *ClaudeRequest, thinking bool) *KiroPayload { history = trimLeadingAssistantHistory(history) - // 构建最终内容 + // 构建最终内容(系统提示直接拼接,不加 --- SYSTEM PROMPT --- 标记以避免 Kiro 将其识别为注入攻击) finalContent := "" if systemPrompt != "" { - finalContent = "--- SYSTEM PROMPT ---\n" + systemPrompt + "\n--- END SYSTEM PROMPT ---\n\n" + finalContent = systemPrompt + "\n\n" } if currentContent != "" { finalContent += currentContent