ThomasVitale
commented
2 months ago Thanks for reporting this issue. The current behaviour is not a bug and I don't see a security vulnerability in the framework.
The current template engine is configured to handle {mykey} as a template key to replace with the provided value. If you need to use the curly braces syntax in your textual prompt, you might be interested in this feature request to make the templating syntax configurable and avoid the conflict altogether. So, for example, you could have the template engine consider $mykey$ as something to replace, leaving you the freedom to use the curly braces throughout your text without getting any exception. https://github.com/spring-projects/spring-ai/issues/355 Would that be enough for your use case?
To mitigate the risk of prompt injection in the end-user applications, I would recommend following the usual best practices whenever user input is involved (like sanitation and validation) and the dedicated suggestions from OWASP: https://genai.owasp.org/llmrisk/llm01-prompt-injection/
For future reference, if you spot a security vulnerability, please follow the project policy for responsible disclosure instead of raising an issue here. https://github.com/spring-projects/spring-ai/security Thank you!
youngmoneee
Bug description There is an issue where an exception occurs during the process of applying an Advisor and rendering user text input if a non-existent key is wrapped in curly braces or if a key used by the Advisor is included in the user text input.
Environment Spring-AI: 1.0.0-SNAPSHOT Java: 17
Steps to reproduce
Expected behavior It may be necessary to ignore non-existent keys or perform pre-compilation on the userText.
Minimal Complete Reproducible example
Here are some example inputs and results.