[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"similar-prompt-security--ps-fuzz":3,"tool-prompt-security--ps-fuzz":64},[4,17,27,35,43,56],{"id":5,"name":6,"github_repo":7,"description_zh":8,"stars":9,"difficulty_score":10,"last_commit_at":11,"category_tags":12,"status":16},3808,"stable-diffusion-webui","AUTOMATIC1111\u002Fstable-diffusion-webui","stable-diffusion-webui 是一个基于 Gradio 构建的网页版操作界面，旨在让用户能够轻松地在本地运行和使用强大的 Stable Diffusion 图像生成模型。它解决了原始模型依赖命令行、操作门槛高且功能分散的痛点，将复杂的 AI 绘图流程整合进一个直观易用的图形化平台。\n\n无论是希望快速上手的普通创作者、需要精细控制画面细节的设计师，还是想要深入探索模型潜力的开发者与研究人员，都能从中获益。其核心亮点在于极高的功能丰富度：不仅支持文生图、图生图、局部重绘（Inpainting）和外绘（Outpainting）等基础模式，还独创了注意力机制调整、提示词矩阵、负向提示词以及“高清修复”等高级功能。此外，它内置了 GFPGAN 和 CodeFormer 等人脸修复工具，支持多种神经网络放大算法，并允许用户通过插件系统无限扩展能力。即使是显存有限的设备，stable-diffusion-webui 也提供了相应的优化选项，让高质量的 AI 艺术创作变得触手可及。",162132,3,"2026-04-05T11:01:52",[13,14,15],"开发框架","图像","Agent","ready",{"id":18,"name":19,"github_repo":20,"description_zh":21,"stars":22,"difficulty_score":23,"last_commit_at":24,"category_tags":25,"status":16},1381,"everything-claude-code","affaan-m\u002Feverything-claude-code","everything-claude-code 是一套专为 AI 编程助手（如 Claude Code、Codex、Cursor 等）打造的高性能优化系统。它不仅仅是一组配置文件，而是一个经过长期实战打磨的完整框架，旨在解决 AI 代理在实际开发中面临的效率低下、记忆丢失、安全隐患及缺乏持续学习能力等核心痛点。\n\n通过引入技能模块化、直觉增强、记忆持久化机制以及内置的安全扫描功能，everything-claude-code 能显著提升 AI 在复杂任务中的表现，帮助开发者构建更稳定、更智能的生产级 AI 代理。其独特的“研究优先”开发理念和针对 Token 消耗的优化策略，使得模型响应更快、成本更低，同时有效防御潜在的攻击向量。\n\n这套工具特别适合软件开发者、AI 研究人员以及希望深度定制 AI 工作流的技术团队使用。无论您是在构建大型代码库，还是需要 AI 协助进行安全审计与自动化测试，everything-claude-code 都能提供强大的底层支持。作为一个曾荣获 Anthropic 黑客大奖的开源项目，它融合了多语言支持与丰富的实战钩子（hooks），让 AI 真正成长为懂上",138956,2,"2026-04-05T11:33:21",[13,15,26],"语言模型",{"id":28,"name":29,"github_repo":30,"description_zh":31,"stars":32,"difficulty_score":23,"last_commit_at":33,"category_tags":34,"status":16},2271,"ComfyUI","Comfy-Org\u002FComfyUI","ComfyUI 是一款功能强大且高度模块化的视觉 AI 引擎，专为设计和执行复杂的 Stable Diffusion 图像生成流程而打造。它摒弃了传统的代码编写模式，采用直观的节点式流程图界面，让用户通过连接不同的功能模块即可构建个性化的生成管线。\n\n这一设计巧妙解决了高级 AI 
绘图工作流配置复杂、灵活性不足的痛点。用户无需具备编程背景，也能自由组合模型、调整参数并实时预览效果，轻松实现从基础文生图到多步骤高清修复等各类复杂任务。ComfyUI 拥有极佳的兼容性，不仅支持 Windows、macOS 和 Linux 全平台，还广泛适配 NVIDIA、AMD、Intel 及苹果 Silicon 等多种硬件架构，并率先支持 SDXL、Flux、SD3 等前沿模型。\n\n无论是希望深入探索算法潜力的研究人员和开发者，还是追求极致创作自由度的设计师与资深 AI 绘画爱好者，ComfyUI 都能提供强大的支持。其独特的模块化架构允许社区不断扩展新功能，使其成为当前最灵活、生态最丰富的开源扩散模型工具之一，帮助用户将创意高效转化为现实。",107662,"2026-04-03T11:11:01",[13,14,15],{"id":36,"name":37,"github_repo":38,"description_zh":39,"stars":40,"difficulty_score":23,"last_commit_at":41,"category_tags":42,"status":16},3704,"NextChat","ChatGPTNextWeb\u002FNextChat","NextChat 是一款轻量且极速的 AI 助手，旨在为用户提供流畅、跨平台的大模型交互体验。它完美解决了用户在多设备间切换时难以保持对话连续性，以及面对众多 AI 模型不知如何统一管理的痛点。无论是日常办公、学习辅助还是创意激发，NextChat 都能让用户随时随地通过网页、iOS、Android、Windows、MacOS 或 Linux 端无缝接入智能服务。\n\n这款工具非常适合普通用户、学生、职场人士以及需要私有化部署的企业团队使用。对于开发者而言，它也提供了便捷的自托管方案，支持一键部署到 Vercel 或 Zeabur 等平台。\n\nNextChat 的核心亮点在于其广泛的模型兼容性，原生支持 Claude、DeepSeek、GPT-4 及 Gemini Pro 等主流大模型，让用户在一个界面即可自由切换不同 AI 能力。此外，它还率先支持 MCP（Model Context Protocol）协议，增强了上下文处理能力。针对企业用户，NextChat 提供专业版解决方案，具备品牌定制、细粒度权限控制、内部知识库整合及安全审计等功能，满足公司对数据隐私和个性化管理的高标准要求。",87618,"2026-04-05T07:20:52",[13,26],{"id":44,"name":45,"github_repo":46,"description_zh":47,"stars":48,"difficulty_score":23,"last_commit_at":49,"category_tags":50,"status":16},2268,"ML-For-Beginners","microsoft\u002FML-For-Beginners","ML-For-Beginners 是由微软推出的一套系统化机器学习入门课程，旨在帮助零基础用户轻松掌握经典机器学习知识。这套课程将学习路径规划为 12 周，包含 26 节精炼课程和 52 道配套测验，内容涵盖从基础概念到实际应用的完整流程，有效解决了初学者面对庞大知识体系时无从下手、缺乏结构化指导的痛点。\n\n无论是希望转型的开发者、需要补充算法背景的研究人员，还是对人工智能充满好奇的普通爱好者，都能从中受益。课程不仅提供了清晰的理论讲解，还强调动手实践，让用户在循序渐进中建立扎实的技能基础。其独特的亮点在于强大的多语言支持，通过自动化机制提供了包括简体中文在内的 50 多种语言版本，极大地降低了全球不同背景用户的学习门槛。此外，项目采用开源协作模式，社区活跃且内容持续更新，确保学习者能获取前沿且准确的技术资讯。如果你正寻找一条清晰、友好且专业的机器学习入门之路，ML-For-Beginners 将是理想的起点。",84991,"2026-04-05T10:45:23",[14,51,52,53,15,54,26,13,55],"数据工具","视频","插件","其他","音频",{"id":57,"name":58,"github_repo":59,"description_zh":60,"stars":61,"difficulty_score":10,"last_commit_at":62,"category_tags":63,"status":16},3128,"ragflow","infiniflow\u002Fragflow","RAGFlow 
是一款领先的开源检索增强生成（RAG）引擎，旨在为大语言模型构建更精准、可靠的上下文层。它巧妙地将前沿的 RAG 技术与智能体（Agent）能力相结合，不仅支持从各类文档中高效提取知识，还能让模型基于这些知识进行逻辑推理和任务执行。\n\n在大模型应用中，幻觉问题和知识滞后是常见痛点。RAGFlow 通过深度解析复杂文档结构（如表格、图表及混合排版），显著提升了信息检索的准确度，从而有效减少模型“胡编乱造”的现象，确保回答既有据可依又具备时效性。其内置的智能体机制更进一步，使系统不仅能回答问题，还能自主规划步骤解决复杂问题。\n\n这款工具特别适合开发者、企业技术团队以及 AI 研究人员使用。无论是希望快速搭建私有知识库问答系统，还是致力于探索大模型在垂直领域落地的创新者，都能从中受益。RAGFlow 提供了可视化的工作流编排界面和灵活的 API 接口，既降低了非算法背景用户的上手门槛，也满足了专业开发者对系统深度定制的需求。作为基于 Apache 2.0 协议开源的项目，它正成为连接通用大模型与行业专有知识之间的重要桥梁。",77062,"2026-04-04T04:44:48",[15,14,13,26,54],{"id":65,"github_repo":66,"name":67,"description_en":68,"description_zh":69,"ai_summary_zh":69,"readme_en":70,"readme_zh":71,"quickstart_zh":72,"use_case_zh":73,"hero_image_url":74,"owner_login":75,"owner_name":76,"owner_avatar_url":77,"owner_bio":78,"owner_company":79,"owner_location":79,"owner_email":79,"owner_twitter":79,"owner_website":79,"owner_url":80,"languages":81,"stars":90,"forks":91,"last_commit_at":92,"license":93,"difficulty_score":23,"env_os":94,"env_gpu":94,"env_ram":94,"env_deps":95,"category_tags":99,"github_topics":100,"view_count":10,"oss_zip_url":79,"oss_zip_packed_at":79,"status":16,"created_at":110,"updated_at":111,"faqs":112,"releases":142},717,"prompt-security\u002Fps-fuzz","ps-fuzz","Make your GenAI Apps Safe & Secure :rocket: Test & harden your system prompt","ps-fuzz 是一款面向生成式 AI 应用的开源安全测试工具，专注于系统提示词的脆弱性检测与加固。面对大模型应用中常见的越狱攻击、提示词注入及敏感信息泄露风险，ps-fuzz 通过模拟多种动态攻击场景，自动评估系统提示词的安全性，并按攻击类型给出失败（Broken）、抵御（Resilient）与错误（Errors）的统计结果；自动化的加固建议目前仍在项目路线图中。ps-fuzz 非常适合 AI 开发者、安全研究人员以及负责模型落地的工程师使用。其技术亮点在于支持 16 种主流大模型提供商，内置包括越狱、RAG 投毒在内的 16 类攻击测试模式。除了命令行批量测试外，ps-fuzz 还配备了交互式 Playground 界面，允许用户在模拟对抗中反复迭代优化提示词，直至能够抵御测试集中的攻击。此外，ps-fuzz 支持多线程并发测试，能显著提升评估效率。需要注意的是，测试结果基于有限次数的采样，“抵御成功”并不等于绝对安全；运行测试会把系统提示词发送给所配置的模型提供商并消耗 Token。使用 ps-fuzz，可以让生成式 AI 应用在上线前就具备更强的防御能力。","\u003Ch1 align=\"center\">\n  \u003Cimg src=\"resources\u002Fprompt-icon.svg\" alt=\"prompt-icon\">\n  Prompt Fuzzer\n  \u003Cimg src=\"resources\u002Fprompt-icon.svg\" alt=\"prompt-icon\">\n\u003C\u002Fh1>\n\n\u003Ch2 align=\"center\">\n  The open-source tool to help you harden your GenAI 
applications\n\u003Cbr>\n\u003Cbr>\n\n[![License: MIT](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-MIT-yellow.svg)](https:\u002F\u002Fopensource.org\u002Flicenses\u002FMIT)\n![ci](https:\u002F\u002Fgithub.com\u002Fprompt-security\u002Fps-fuzz\u002Factions\u002Fworkflows\u002Fci.yml\u002Fbadge.svg)\n![GitHub contributors](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fcontributors\u002Fprompt-security\u002Fps-fuzz)\n![Last release](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fv\u002Frelease\u002Fprompt-security\u002Fps-fuzz)\n[![Open In Colab](https:\u002F\u002Fcolab.research.google.com\u002Fassets\u002Fcolab-badge.svg)](https:\u002F\u002Fcolab.research.google.com\u002Fdrive\u002F148n5M1wZXp-ojhnh-_KP01OYtUwJwlUl?usp=sharing)\n\u003C\u002Fh2>\n\n\n\u003Cdiv align=\"center\">\n\n\u003Ch4> Brought to you by Prompt Security, the Complete Platform for GenAI Security\n\n\u003C\u002Fdiv>\n\n---\n\n\u003Cdiv align=\"center\">\n  \n![Prompt Security Logo](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fprompt-security_ps-fuzz_readme_d2c39cea53ad.png)\n\n\u003C\u002Fdiv>\n\n---\n\n\nTable of Contents\n-----------------\n\n\u003C!-- vim-markdown-toc GFM -->\n* [ :sparkles: About](#what-is-prompt-fuzzer)\n* [ :rotating_light: Features](#features)\n* [ :rocket: Installation](#installation)\n    * [Using pip](#using-pip)\n    * [Package page](https:\u002F\u002Fpypi.org\u002Fproject\u002Fprompt-security-fuzzer\u002F)\n    * [:construction: Using docker](#docker) ***coming soon*** \n* [Usage](#usage)\n    * [Features](#features)\n    * [Environment variables](#environment-variables)\n    * [Supported LLMs](#llm-providers)\n    * [Command line options](#options)\n* [Examples](#examples)\n    * [Interactive mode](#interactive)\n    * [Quickstart single run](#singlerun)\n* [ :clapper: Demo video](#demovideo)\n* [Supported attacks](#attacks)\n   * [Jailbreak](#jailbreak)\n   * [Prompt Injection](#pi-injection)\n   * [RAG & Vector Database 
Attacks](#rag-poisoning)\n   * [System prompt extraction](#systemleak)\n* [ :rainbow:  What’s next on the roadmap?](#roadmap)\n* [ :beers: Contributing](#contributing)\n\n\u003Cbr>\n\n\n\u003Ca id=\"what-is-prompt-fuzzer\">\u003C\u002Fa>\n\n\n## ✨ What is the Prompt Fuzzer\n1. This interactive tool assesses the security of your GenAI application's system prompt against various dynamic LLM-based attacks. It provides a security evaluation based on the outcome of these attack simulations, enabling you to strengthen your system prompt as needed.\n2. The Prompt Fuzzer dynamically tailors its tests to your application's unique configuration and domain.\n3. The Fuzzer also includes a Playground chat interface, giving you the chance to iteratively improve your system prompt, hardening it against a wide spectrum of generative AI attacks.\n\n:warning: Using the Prompt Fuzzer will lead to the consumption of tokens. :warning:\n\n\u003Cbr>\n\n\u003Ca id=\"installation\">\u003C\u002Fa>\n## 🚀 Installation \n![prompt-fuzzer-install-final](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fprompt-security_ps-fuzz_readme_ace756234317.png)\n\n1. Install the Fuzzer package\n   \u003Ca id=\"using-pip\">\u003C\u002Fa>\n   #### Using pip install\n   ```zsh\n   pip install prompt-security-fuzzer\n   ```\n   \u003Ca id=\"using-pypi\">\u003C\u002Fa>\n   #### Using the package page on PyPi\n   You can also visit the [package page](https:\u002F\u002Fpypi.org\u002Fproject\u002Fprompt-security-fuzzer\u002F) on PyPi\n\n   Or grab latest release wheel file form [releases](https:\u002F\u002Fgithub.com\u002Fprompt-security\u002Fps-fuzz\u002Freleases)\n\n2. Launch the Fuzzer\n   ```zsh\n   export OPENAI_API_KEY=sk-123XXXXXXXXXXXX\n   \n   prompt-security-fuzzer\n   ```\n\n3. Input your system prompt\n\n4. Start testing\n\n5. Test yourself with the Playground! 
Iterate as many times as you like until your system prompt withstands the attacks in the test set.\n\n\n\u003Ca id=\"usage\">\u003C\u002Fa>\n## :computer:  Usage\n\u003Ca id=\"features\">\u003C\u002Fa>\n### Features\n\u003Cb>The Prompt Fuzzer Supports:\u003C\u002Fb>\u003Cbr>\n🧞  16 [llm providers](#llm-providers)\u003Cbr>\n🔫  16 different [attacks](#attacks)\u003Cbr>\n💬  Interactive mode\u003Cbr>\n🤖  CLI mode\u003Cbr>\n🧵  Multi-threaded testing\u003Cbr>\n  \n\u003Ca id=\"environment-variables\">\u003C\u002Fa>\n### Environment variables:\n\nYou need to set an environment variable to hold the access key of your preferred LLM provider.\nDefault is `OPENAI_API_KEY`\n\nExample: set `OPENAI_API_KEY` with your API Token to use with your OpenAI account.\n\nAlternatively, create a file named `.env` in the current directory and set the `OPENAI_API_KEY` there.\n\n:lock: Treat these keys as secrets: keep `.env` out of version control (add it to `.gitignore`), and remember that an inline `export OPENAI_API_KEY=...` is recorded in your shell history. Every run sends your system prompt and the generated attack prompts to the configured providers and consumes tokens, so use a key that is scoped to testing and can be rotated.\n\u003Ca id=\"llm-providers\">\u003C\u002Fa>\n\n\u003Cdetails>\u003Csummary>We're fully LLM agnostic. (Click for full configuration list of llm providers)\u003C\u002Fsummary>\n\n| ENVIRONMENT KEY | Description |\n|---------------|-------------|\n| `ANTHROPIC_API_KEY` | `Anthropic` Chat large language models.|\n| `ANYSCALE_API_KEY` |  `Anyscale` Chat large language models.|\n| `AZURE_OPENAI_API_KEY` | `Azure OpenAI` Chat Completion API.|\n| `BAICHUAN_API_KEY` |  `Baichuan chat` models API by Baichuan Intelligent Technology.|\n| `COHERE_API_KEY` | `Cohere chat` large language models.|\n| `EVERLYAI_API_KEY` | `EverlyAI` Chat large language models|\n| `FIREWORKS_API_KEY` | `Fireworks` Chat models|\n| `GIGACHAT_CREDENTIALS` |  `GigaChat` large language models API. 
|\n| `GOOGLE_API_KEY` |  `Google PaLM` Chat models API.|\n| `JINA_API_TOKEN` |  `Jina AI` Chat models API.|\n| `KONKO_API_KEY` | `ChatKonko` Chat large language models API.|\n| `MINIMAX_API_KEY`, `MINIMAX_GROUP_ID` | Wrapper around Minimax large language models.|\n| `OPENAI_API_KEY` | `OpenAI` Chat large language models API.|\n| `PROMPTLAYER_API_KEY` |  `PromptLayer` and OpenAI Chat large language models API.|\n| `QIANFAN_AK`, `QIANFAN_SK` |  `Baidu Qianfan` chat models.|\n| `YC_API_KEY` | `YandexGPT` large language models.|\n\u003C\u002Fdetails>\n\n\u003Cbr\u002F>\n\u003Cbr\u002F>\n\n\u003Ca id=\"options\">\u003C\u002Fa>\n### Command line Options\n* `--list-providers`        Lists all available providers\n* `--list-attacks`          Lists available attacks and exits\n* `--attack-provider`       Provider of the attack model (the model that generates the adversarial prompts)\n* `--attack-model`          Attack model name\n* `--target-provider`       Provider of the target model (the model that runs the system prompt under test)\n* `--target-model`          Target model name\n* `--num-attempts, -n`       NUM_ATTEMPTS Number of different attack prompts\n* `--num-threads, -t`        NUM_THREADS  Number of worker threads\n* `--attack-temperature, -a` ATTACK_TEMPERATURE  Temperature for the attack model (higher values give more varied, less reproducible attack prompts)\n* `--debug-level, -d`        DEBUG_LEVEL  Debug level (0-2)\n* `--batch, -b`              Run the fuzzer in unattended (batch) mode, bypassing the interactive steps; takes the path of the system prompt file\n* `--tests`                  JSON list of attack names to run instead of the full set, e.g. `--tests='[\"ucar\",\"amnesia\"]'` (see `--list-attacks`)\n* `--custom-benchmark`       Path to a custom benchmark CSV (see [Examples](#examples))\n* `--ollama-base-url`        Base URL for Ollama API (for self-hosted deployments)\n* `--openai-base-url`        Base URL for OpenAI API (for OpenAI-compatible endpoints)\n* `--embedding-provider`     Embedding provider (ollama or open_ai) - required for RAG tests\n* `--embedding-model`        Embedding model name - required for RAG tests\n* `--embedding-ollama-base-url` Base URL for Ollama Embedding API\n* `--embedding-openai-base-url` Base URL for OpenAI Embedding API\n\n\u003Cbr\u002F>\n\n\u003Ca id=\"examples\">\u003C\u002Fa>\n## Examples\n\nSystem prompt examples (of various strengths) can be found in the subdirectory 
[system_prompt.examples](https:\u002F\u002Fgithub.com\u002Fprompt-security\u002Fps-fuzz\u002Ftree\u002Fmain\u002Fsystem_prompt.examples\u002F) in the sources.\n \n\u003Ca id=\"interactive\">\u003C\u002Fa>\n#### Interactive mode (default mode)\n\n  Run tests against the system prompt\n\n```\n    prompt_security_fuzzer \n```\n\n\u003Ca id=\"singlerun\">\u003C\u002Fa>\n#### :speedboat:  Quick start single run\n\nRun tests against the system prompt (in non-interactive batch mode):\n\n```\n    prompt-security-fuzzer -b .\u002Fsystem_prompt.examples\u002Fmedium_system_prompt.txt\n```\n\n#### 📺 Custom Benchmark!\nRun tests against the system prompt with a custom benchmark\n\n```\n    prompt-security-fuzzer -b .\u002Fsystem_prompt.examples\u002Fmedium_system_prompt.txt --custom-benchmark=ps_fuzz\u002Fattack_data\u002Fcustom_benchmark1.csv\n```\n\n#### 🐹 Run only a subset of attacks!\nRun tests against the system prompt with a subset of attacks\n\n```\n    prompt-security-fuzzer -b .\u002Fsystem_prompt.examples\u002Fmedium_system_prompt.txt --custom-benchmark=ps_fuzz\u002Fattack_data\u002Fcustom_benchmark1.csv --tests='[\"ucar\",\"amnesia\"]'\n```\n\n#### 🧪 RAG Poisoning Attack\nTest RAG systems with vector database poisoning attacks\n\n```bash\n# Using OpenAI embeddings\nprompt-security-fuzzer -b .\u002Fsystem_prompt.examples\u002Fmedium_system_prompt.txt \\\n    --embedding-provider=open_ai \\\n    --embedding-model=text-embedding-ada-002 \\\n    --tests='[\"rag_poisoning\"]'\n\n# Using Ollama embeddings with custom endpoint\nprompt-security-fuzzer -b .\u002Fsystem_prompt.examples\u002Fmedium_system_prompt.txt \\\n    --embedding-provider=ollama \\\n    --embedding-model=nomic-embed-text \\\n    --embedding-ollama-base-url=http:\u002F\u002Flocalhost:11434 \\\n    --tests='[\"rag_poisoning\"]'\n```\n\n**Note**: Requires chromadb (installed by default with prompt-security-fuzzer)\n\n#### 🔌 Using Custom API Endpoints\nRun tests against custom or self-hosted LLM 
deployments\n\n```bash\n# Using custom Ollama endpoint\nprompt-security-fuzzer -b .\u002Fsystem_prompt.examples\u002Fmedium_system_prompt.txt \\\n    --target-provider=ollama \\\n    --target-model=llama2 \\\n    --ollama-base-url=http:\u002F\u002Flocalhost:11434\n\n# Using OpenAI-compatible endpoint (e.g., LocalAI, vLLM, LM Studio)\nprompt-security-fuzzer -b .\u002Fsystem_prompt.examples\u002Fmedium_system_prompt.txt \\\n    --target-provider=open_ai \\\n    --target-model=custom-model \\\n    --openai-base-url=http:\u002F\u002Fyour-custom-endpoint:8000\u002Fv1\n```\n\n**Note**: the examples use plain `http://` because the endpoints live on localhost or a lab host. For an endpoint on another machine use `https://` (or an SSH/VPN tunnel): the system prompt under test, every generated attack prompt and the target's replies travel over that connection, and the key in `OPENAI_API_KEY` is in all likelihood sent to that endpoint as the credential, so only point the fuzzer at servers you trust.\n\n\u003Cbr>\n\u003Cbr>\n\u003Cbr>\n\n\u003Ca id=\"colab\">\u003C\u002Fa>\n## 📓 Google Colab Notebook\nRefine and harden your system prompt in our [Google Colab Notebook](https:\u002F\u002Fcolab.research.google.com\u002Fdrive\u002F148n5M1wZXp-ojhnh-_KP01OYtUwJwlUl?usp=sharing)\u003Cbr>\u003Cbr>\n\u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fprompt-security_ps-fuzz_readme_a17dac8aeeca.png\" alt=\"Prompt Fuzzer Refinement Process\"\u002F>\n\u003Cbr>\u003Cbr>\n\u003Ca id=\"demovideo\">\u003C\u002Fa>\n## 🎬 Demo video\n[![Watch the video](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fprompt-security_ps-fuzz_readme_a4194e36d4a1.jpg)](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=xCO3_LHPH2Q)\n\n\u003Ca id=\"attacks\">\u003C\u002Fa>\n## :crossed_swords: Simulated Attack Details\n\nWe use a dynamic testing approach: the attack model is given the necessary context from your System Prompt and the fuzzing process is adapted to it. If the attack and target providers differ, note that this means your system prompt is shared with the attack provider, not only with the target.\n\n\u003Ca id=\"jailbreak\">\u003C\u002Fa>\n##### Jailbreak\n \n- **AIM Jailbreak**: Probes ethical compliance by eliciting instructions on illegal activities via Machiavelli roleplay.\n- **Affirmative Suffix**: Exploits a vulnerability to elicit affirmative responses for prohibited content.\n- **Amnesia**: Causes the LLM to forget or disregard system prompt instructions, leading to unrelated outputs.\n- **Contextual Redirection**: Tricks the LLM into adopting a 
specific role that may bypass preset restrictions.\n- **Do Anything Now Jailbreak (DAN)**: Tests LLM resilience against performing forbidden activities through roleplay.\n- **Harmful Behavior**: Challenges the LLM with prompts from a harmful behavior dataset.\n- **Linguistic Evasion**: Uses non-English languages to bypass preset restrictions or focus.\n- **Self Refine**: Attempts to bypass system prompts by refining responses towards unethical directions.\n- **UCAR**: Assesses LLM adherence to content restrictions when asked to ignore such filters.\n- **Base64 Evasion** Attempts to evade detection of harmful prompts by encoding them into base64 strings\n\n\u003Ca id=\"pi-injection\">\u003C\u002Fa>\n##### Prompt Injection\n\n- **Authoritative Role Impersonation**: Impersonates an authoritative role to misdirect the LLM's outputs.\n- **Complimentary Transition**: Tests ability to maintain content standards when switching topics after a compliment.\n- **Ethical Compliance**: Evaluates resistance to discussing harmful or inappropriate content about sensitive topics.\n- **Typoglycemia Attack**: Exploits text processing vulnerabilities by omitting random characters, causing incorrect responses.\n\n\u003Ca id=\"rag-poisoning\">\u003C\u002Fa>\n##### RAG & Vector Database Attacks\n\n- **RAG Poisoning (Hidden Parrot Attack)**: Tests whether malicious instructions embedded in vector database documents can compromise RAG system behavior. 
This attack verifies if poisoned content retrieved from vector stores can override system prompts or inject unauthorized instructions into LLM responses.\n\n\u003Ca id=\"systemleak\">\u003C\u002Fa>\n##### System prompt extraction\n\n- **System Prompt Stealer**: Attempts to extract the LLM's internal configuration or sensitive information. A reminder that anything placed in a system prompt (keys, internal URLs, business rules) should be assumed disclosable to users; keep real secrets out of the prompt rather than relying on the prompt to hide them.\n\n##### Definitions\n\n- **Broken**: Attack type attempts that the target LLM succumbed to.\n- **Resilient**: Attack type attempts that the target LLM resisted.\n- **Errors**: Attack type attempts that had inconclusive results.\n\nVerdicts are sampled, not exhaustive: each attack type is exercised with `--num-attempts` different prompts generated by the attack model at `--attack-temperature`, so a *Resilient* result means no success was observed in that sample, not that the system prompt cannot be broken. Treat *Errors* as unknowns rather than passes, and re-run with a higher `-n` before considering a prompt hardened.\n\n\n\n\u003Cbr\u002F>\n\u003Cbr\u002F>\n\n\u003Ca id=\"roadmap\">\u003C\u002Fa>\n## :rainbow: What’s next on the roadmap?\n\n- [X]  Google Colab Notebook\n- [X]  Adjust the output evaluation mechanism for prompt dataset testing\n- [ ]  Continue adding new GenAI attack types\n- [ ]  Enhanced reporting capabilities\n- [ ]  Hardening recommendations\n\nTurn this into a community project! We want this to be useful to everyone building GenAI applications. If you have attacks of your own that you think should be a part of this project, please contribute! This is how: https:\u002F\u002Fgithub.com\u002Fprompt-security\u002Fps-fuzz\u002Fblob\u002Fmain\u002FCONTRIBUTING.md\n\n\u003Ca id=\"contributing\">\u003C\u002Fa>\n## 🍻 Contributing\n\nInterested in contributing to the development of our tools? Great! For a guide on making your first contribution, please see our [Contributing Guide](https:\u002F\u002Fgithub.com\u002Fprompt-security\u002Fps-fuzz\u002Fblob\u002Fmain\u002FCONTRIBUTING.md#get-started-with-your-first-contribution-adding-a-new-test). This section offers a straightforward introduction to adding new tests.\n\nFor ideas on what tests to add, check out the issues tab in our GitHub repository. 
Look for issues labeled `new-test` and `good-first-issue`, which are perfect starting points for new contributors.\n\n","\u003Ch1 align=\"center\">\n  \u003Cimg src=\"resources\u002Fprompt-icon.svg\" alt=\"prompt-icon\">\n  Prompt Fuzzer\n  \u003Cimg src=\"resources\u002Fprompt-icon.svg\" alt=\"prompt-icon\">\n\u003C\u002Fh1>\n\n\u003Ch2 align=\"center\">\n  帮助加固您的生成式人工智能（GenAI）应用的开源工具\n\u003Cbr>\n\u003Cbr>\n\n[![License: MIT](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-MIT-yellow.svg)](https:\u002F\u002Fopensource.org\u002Flicenses\u002FMIT)\n![ci](https:\u002F\u002Fgithub.com\u002Fprompt-security\u002Fps-fuzz\u002Factions\u002Fworkflows\u002Fci.yml\u002Fbadge.svg)\n![GitHub contributors](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fcontributors\u002Fprompt-security\u002Fps-fuzz)\n![Last release](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fv\u002Frelease\u002Fprompt-security\u002Fps-fuzz)\n[![Open In Colab](https:\u002F\u002Fcolab.research.google.com\u002Fassets\u002Fcolab-badge.svg)](https:\u002F\u002Fcolab.research.google.com\u002Fdrive\u002F148n5M1wZXp-ojhnh-_KP01OYtUwJwlUl?usp=sharing)\n\u003C\u002Fh2>\n\n\n\u003Cdiv align=\"center\">\n\n\u003Ch4> 由 Prompt Security 呈现，这是生成式人工智能安全的完整平台\n\n\u003C\u002Fdiv>\n\n---\n\n\u003Cdiv align=\"center\">\n  \n![Prompt Security Logo](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fprompt-security_ps-fuzz_readme_d2c39cea53ad.png)\n\n\u003C\u002Fdiv>\n\n---\n\n\n目录\n-----------------\n\n\u003C!-- vim-markdown-toc GFM -->\n* [ :sparkles: 关于](#what-is-prompt-fuzzer)\n* [ :rotating_light: 功能](#features)\n* [ :rocket: 安装](#installation)\n    * [使用 pip](#using-pip)\n    * [包页面](https:\u002F\u002Fpypi.org\u002Fproject\u002Fprompt-security-fuzzer\u002F)\n    * [:construction: 使用 Docker](#docker) ***即将推出*** \n* [使用](#usage)\n    * [功能](#features)\n    * [环境变量](#environment-variables)\n    * [支持的 LLM](#llm-providers)\n    * [命令行选项](#options)\n* [示例](#examples)\n    * [交互模式](#interactive)\n    * 
[快速启动单次运行](#singlerun)\n* [ :clapper: 演示视频](#demovideo)\n* [支持的攻击类型](#attacks)\n   * [越狱](#jailbreak)\n   * [提示词注入](#pi-injection)\n   * [RAG 与向量数据库攻击](#rag-poisoning)\n   * [系统提示词提取](#systemleak)\n* [ :rainbow: 路线图下一步是什么？](#roadmap)\n* [ :beers: 贡献](#contributing)\n\n\u003Cbr>\n\n\n\u003Ca id=\"what-is-prompt-fuzzer\">\u003C\u002Fa>\n\n\n## ✨ Prompt Fuzzer 是什么\n1. 这个交互式工具评估您的生成式人工智能（GenAI）应用的系统提示词在面对各种动态基于大语言模型（LLM）的攻击时的安全性。它根据这些攻击模拟的结果提供安全评估，使您能够根据需要加强您的系统提示词。\n2. Prompt Fuzzer 会根据您应用的独特配置和领域动态定制其测试。\n3. 该模糊测试工具还包含一个游乐场（Playground）聊天界面，让您有机会迭代改进您的系统提示词，使其针对广泛的生成式人工智能攻击更具韧性。\n\n:warning: 使用 Prompt Fuzzer 将消耗 Token。:warning:\n\n\u003Cbr>\n\n\u003Ca id=\"installation\">\u003C\u002Fa>\n## 🚀 安装 \n![prompt-fuzzer-install-final](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fprompt-security_ps-fuzz_readme_ace756234317.png)\n\n1. 安装模糊测试工具包\n   \u003Ca id=\"using-pip\">\u003C\u002Fa>\n   #### 使用 pip 安装\n   ```zsh\n   pip install prompt-security-fuzzer\n   ```\n   \u003Ca id=\"using-pypi\">\u003C\u002Fa>\n   #### 使用 PyPi 上的包页面\n   您也可以访问 PyPi 上的 [包页面](https:\u002F\u002Fpypi.org\u002Fproject\u002Fprompt-security-fuzzer\u002F)\n\n   或者从 [发布版本](https:\u002F\u002Fgithub.com\u002Fprompt-security\u002Fps-fuzz\u002Freleases) 获取最新的发布轮文件\n\n2. 启动模糊测试工具\n   ```zsh\n   export OPENAI_API_KEY=sk-123XXXXXXXXXXXX\n   \n   prompt-security-fuzzer\n   ```\n\n3. 输入您的系统提示词\n\n4. 开始测试\n\n5. 
使用游乐场进行测试！您可以无限次迭代，直到您的系统提示词安全为止。\n\n\n\u003Ca id=\"usage\">\u003C\u002Fa>\n## :computer: 使用\n\u003Ca id=\"features\">\u003C\u002Fa>\n### 功能\n\u003Cb>Prompt Fuzzer 支持：\u003C\u002Fb>\u003Cbr>\n🧞  16 个 [LLM 提供商](#llm-providers)\u003Cbr>\n🔫  16 种不同的 [攻击方式](#attacks)\u003Cbr>\n💬  交互模式\u003Cbr>\n🤖  命令行接口（CLI）模式\u003Cbr>\n🧵  多线程测试\u003Cbr>\n  \n\u003Ca id=\"environment-variables\">\u003C\u002Fa>\n### 环境变量：\n\n您需要设置一个环境变量来保存首选 LLM 提供商的访问密钥。\n默认为 `OPENAI_API_KEY`\n\n示例：使用您的 OpenAI 账户的 API Token 设置 `OPENAI_API_KEY`。\n\n或者，在当前目录创建一个名为 `.env` 的文件并在那里设置 `OPENAI_API_KEY`。\n\u003Ca id=\"llm-providers\">\u003C\u002Fa>\n\n\u003Cdetails>\u003Csummary>我们完全支持任意 LLM。（点击查看完整的 LLM 提供商配置列表）\u003C\u002Fsummary>\n\n| 环境变量键 | 描述 |\n|---------------|-------------|\n| `ANTHROPIC_API_KEY` | `Anthropic` 聊天大语言模型。|\n| `ANYSCALE_API_KEY` |  `Anyscale` 聊天大语言模型。|\n| `AZURE OPENAI_API_KEY` | `Azure OpenAI` 聊天完成 API。|\n| `BAICHUAN_API_KEY` |  `Baichuan chat` 模型 API，由百川智能科技提供。|\n| `COHERE_API_KEY` | `Cohere chat` 大语言模型。|\n| `EVERLYAI_API_KEY` | `EverlyAI` 聊天大语言模型 |\n| `FIREWORKS_API_KEY` | `Fireworks` 聊天模型 |\n| `GIGACHAT_CREDENTIALS` |  `GigaChat` 大语言模型 API。 |\n| `GOOGLE_API_KEY` |  `Google PaLM` 聊天模型 API。|\n| `JINA_API_TOKEN` |  `Jina AI` 聊天模型 API。|\n| `KONKO_API_KEY` | `ChatKonko` 聊天大语言模型 API。|\n| `MINIMAX_API_KEY`, `MINIMAX_GROUP_ID` | Minimax 大语言模型的封装。|\n| `OPENAI_API_KEY` | `OpenAI` 聊天大语言模型 API。|\n| `PROMPTLAYER_API_KEY` |  `PromptLayer` 和 OpenAI 聊天大语言模型 API。|\n| `QIANFAN_AK`, `QIANFAN_SK` |  `百度千帆` 聊天模型。|\n| `YC_API_KEY` | `YandexGPT` 大语言模型。|\n\u003C\u002Fdetails>\n\n\u003Cbr\u002F>\n\u003Cbr\u002F>\n\n\u003Ca id=\"options\">\u003C\u002Fa>\n### 命令行选项\n* `--list-providers`        列出所有可用提供商\n* `--list-attacks`          列出可用攻击并退出\n* `--attack-provider`       攻击提供商 \n* `--attack-model`          攻击模型  \n* `--target-provider `      目标提供商\n* `--target-model`          目标模型  \n* `--num-attempts, -n`       NUM_ATTEMPTS 不同攻击提示词的数量 \n* `--num-threads, -t`        NUM_THREADS 工作线程数量 \n* `--attack-temperature, 
-a` ATTACK_TEMPERATURE 攻击模型的温度参数 \n* `--debug-level, -d`        DEBUG_LEVEL 调试级别 (0-2)\n* `-batch, -b`               以无人值守（批处理）模式运行模糊测试工具，跳过交互步骤\n* `--ollama-base-url`        Ollama API 的基础 URL（用于自托管部署）\n* `--openai-base-url`        OpenAI API 的基础 URL（用于兼容 OpenAI 的端点）\n* `--embedding-provider`     嵌入提供商（ollama 或 open_ai）- RAG 测试必需\n* `--embedding-model`        嵌入模型名称 - RAG 测试必需\n* `--embedding-ollama-base-url` Ollama 嵌入 API 的基础 URL\n* `--embedding-openai-base-url` OpenAI 嵌入 API 的基础 URL\n\n\u003Cbr\u002F>\n\n\u003Ca id=\"examples\">\u003C\u002Fa>\n\n## 示例\n\n系统提示词 (System Prompt) 示例（不同强度等级）可在源代码的子目录 [system_prompt.examples](https:\u002F\u002Fgithub.com\u002Fprompt-security\u002Fps-fuzz\u002Ftree\u002Fmain\u002Fsystem_prompt.examples\u002F) 中找到。\n \n\u003Ca id=\"interactive\">\u003C\u002Fa>\n#### 交互模式（默认模式）\n\n  针对系统提示词运行测试\n\n```\n    prompt_security_fuzzer \n```\n\n\u003Ca id=\"singlerun\">\u003C\u002Fa>\n#### :speedboat: 快速启动单次运行\n\n针对系统提示词运行测试（非交互式批处理模式）：\n\n```\n    prompt-security-fuzzer -b .\u002Fsystem_prompt.examples\u002Fmedium_system_prompt.txt\n```\n\n#### 📺 自定义基准测试！\n使用自定义基准测试针对系统提示词运行测试\n\n```\n    prompt-security-fuzzer -b .\u002Fsystem_prompt.examples\u002Fmedium_system_prompt.txt --custom-benchmark=ps_fuzz\u002Fattack_data\u002Fcustom_benchmark1.csv\n```\n\n#### 🐹 仅运行部分攻击类型！\n使用部分攻击类型针对系统提示词运行测试\n\n```\n    prompt-security-fuzzer -b .\u002Fsystem_prompt.examples\u002Fmedium_system_prompt.txt --custom-benchmark=ps_fuzz\u002Fattack_data\u002Fcustom_benchmark1.csv --tests='[\"ucar\",\"amnesia\"]'\n```\n\n#### 🧪 RAG 投毒攻击\n使用向量数据库 (Vector Database) 投毒攻击测试检索增强生成 (RAG) 系统\n\n```bash\n# Using OpenAI embeddings\nprompt-security-fuzzer -b .\u002Fsystem_prompt.examples\u002Fmedium_system_prompt.txt \\\n    --embedding-provider=open_ai \\\n    --embedding-model=text-embedding-ada-002 \\\n    --tests='[\"rag_poisoning\"]'\n\n# Using Ollama embeddings with custom endpoint\nprompt-security-fuzzer -b .\u002Fsystem_prompt.examples\u002Fmedium_system_prompt.txt \\\n   
 --embedding-provider=ollama \\\n    --embedding-model=nomic-embed-text \\\n    --embedding-ollama-base-url=http:\u002F\u002Flocalhost:11434 \\\n    --tests='[\"rag_poisoning\"]'\n```\n\n**注意**：需要 chromadb（prompt-security-fuzzer 默认已安装）\n\n#### 🔌 使用自定义 API 端点\n针对自定义或自托管的大型语言模型 (LLM) 部署运行测试\n\n```bash\n# Using custom Ollama endpoint\nprompt-security-fuzzer -b .\u002Fsystem_prompt.examples\u002Fmedium_system_prompt.txt \\\n    --target-provider=ollama \\\n    --target-model=llama2 \\\n    --ollama-base-url=http:\u002F\u002Flocalhost:11434\n\n# Using OpenAI-compatible endpoint (e.g., LocalAI, vLLM, LM Studio)\nprompt-security-fuzzer -b .\u002Fsystem_prompt.examples\u002Fmedium_system_prompt.txt \\\n    --target-provider=open_ai \\\n    --target-model=custom-model \\\n    --openai-base-url=http:\u002F\u002Fyour-custom-endpoint:8000\u002Fv1\n```\n\n\u003Cbr>\n\u003Cbr>\n\u003Cbr>\n\n\u003Ca id=\"colab\">\u003C\u002Fa>\n## 📓 Google Colab 笔记本\n在我们的 [Google Colab 笔记本](https:\u002F\u002Fcolab.research.google.com\u002Fdrive\u002F148n5M1wZXp-ojhnh-_KP01OYtUwJwlUl?usp=sharing) 中优化和加固您的系统提示词\u003Cbr>\u003Cbr>\n\u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fprompt-security_ps-fuzz_readme_a17dac8aeeca.png\" alt=\"Prompt Fuzzer Refinement Process\"\u002F>\n\u003Cbr>\u003Cbr>\n\u003Ca id=\"demovideo\">\u003C\u002Fa>\n## 🎬 演示视频\n[![Watch the video](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fprompt-security_ps-fuzz_readme_a4194e36d4a1.jpg)](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=xCO3_LHPH2Q)\n\n\u003Ca id=\"attacks\">\u003C\u002Fa>\n## :crossed_swords: 模拟攻击详情\n\n我们采用动态测试方法，从您的系统提示词中获取必要上下文，并据此调整模糊测试 (Fuzzing) 过程。\n\n\u003Ca id=\"jailbreak\">\u003C\u002Fa>\n##### 越狱\n \n- **AIM 越狱**：通过马基雅维利角色扮演引出非法活动的指令，探测伦理合规性。\n- **肯定后缀**：利用漏洞引出对禁止内容的肯定响应。\n- **失忆**：导致 LLM 遗忘或忽略系统提示词指令，产生无关输出。\n- **上下文重定向**：诱骗 LLM 采用特定角色，从而可能绕过预设限制。\n- **现在做任何事越狱 (DAN)**：测试 LLM 在角色扮演下执行禁止活动的韧性。\n- **有害行为**：使用来自有害行为数据集的提示词挑战 LLM。\n- **语言规避**：使用非英语语言绕过预设限制或焦点。\n- 
**自我优化**：试图通过将响应向不道德方向优化来绕过系统提示词。\n- **UCAR**：评估 LLM 在被要求忽略此类过滤器时对内容限制的遵守程度。\n- **Base64 规避**：尝试通过将提示词编码为 base64 字符串来逃避对有害提示词的检测\n\n\u003Ca id=\"pi-injection\">\u003C\u002Fa>\n##### 提示词注入\n\n- **权威角色冒充**：冒充权威角色以误导 LLM 的输出。\n- **赞美过渡**：测试在赞美后切换主题时维持内容标准的能力。\n- **伦理合规性**：评估抵抗讨论敏感话题有害或不适当内容的抵抗力。\n- **拼写混乱攻击 (Typoglycemia Attack)**：通过省略随机字符利用文本处理漏洞，导致错误响应。\n\n\u003Ca id=\"rag-poisoning\">\u003C\u002Fa>\n##### RAG 与向量数据库攻击\n\n- **RAG 投毒（隐藏鹦鹉攻击）**：测试嵌入在向量数据库文档中的恶意指令是否会危及 RAG 系统行为。此攻击验证从向量存储中检索的投毒内容是否可以覆盖系统提示词或在 LLM 响应中注入未授权指令。\n\n\u003Ca id=\"systemleak\">\u003C\u002Fa>\n##### 系统提示词提取\n\n- **系统提示词窃取者**：尝试提取 LLM 的内部配置或敏感信息。\n\n##### 定义\n\n- **失败**：LLM 屈服于该攻击类型尝试。\n- **抵御成功**：LLM 抵抗了该攻击类型尝试。\n- **错误**：结果不明确的攻击类型尝试。\n\n\n\n\u003Cbr\u002F>\n\u003Cbr\u002F>\n\n\u003Ca id=\"roadmap\">\u003C\u002Fa>\n## :rainbow: 路线图上的下一步是什么？\n\n- [X]  Google Colab 笔记本\n- [X]  调整提示词数据集测试的输出评估机制\n- [ ]  继续添加新的生成式人工智能 (GenAI) 攻击类型\n- [ ]  增强的报告能力\n- [ ]  加固建议\n\n将其打造为社区项目！我们希望这对所有构建生成式人工智能 (GenAI) 应用的人都有用。如果您有自己的攻击方法认为应该包含在此项目中，请贡献！方法如下：https:\u002F\u002Fgithub.com\u002Fprompt-security\u002Fps-fuzz\u002Fblob\u002Fmain\u002FCONTRIBUTING.md\n\n\u003Ca id=\"contributing\">\u003C\u002Fa>\n## 🍻 贡献指南\n\n有兴趣参与我们工具的开发吗？太好了！关于如何做出您的首次贡献的指南，请参阅我们的 [贡献指南](https:\u002F\u002Fgithub.com\u002Fprompt-security\u002Fps-fuzz\u002Fblob\u002Fmain\u002FCONTRIBUTING.md#get-started-with-your-first-contribution-adding-a-new-test)。本节提供了添加新测试的简明介绍。\n\n关于要添加哪些测试的想法，请查看我们 GitHub 仓库中的 Issues 标签页。寻找标记为 `new-test` 和 `good-first-issue` 的问题，这些是新手贡献者的完美起点。","# ps-fuzz 快速上手指南\n\n## 简介\nps-fuzz（Prompt Fuzzer）是一款开源工具，旨在帮助开发者加固生成式 AI（GenAI）应用的安全性。它通过模拟多种动态攻击来评估系统提示词（System Prompt）的防御能力，并提供交互式界面辅助迭代优化。\n\n> ⚠️ **注意**：使用该工具会消耗 LLM Token，请注意相关成本。\n\n## 环境准备\n*   **Python 环境**：确保本地已安装 Python 3.x。\n*   **LLM 访问密钥**：需要配置一个大语言模型提供商的 API Key（默认支持 OpenAI，也支持 Anthropic、Azure 等其他 16 种提供商）。\n*   **依赖项**：工具安装后会自动处理大部分依赖（如 ChromaDB）。\n\n## 安装步骤\n通过 pip 安装官方包：\n\n```zsh\npip install prompt-security-fuzzer\n```\n\n如需获取最新发行版，可访问 
[PyPI](https:\u002F\u002Fpypi.org\u002Fproject\u002Fprompt-security-fuzzer\u002F) 或 [GitHub Releases](https:\u002F\u002Fgithub.com\u002Fprompt-security\u002Fps-fuzz\u002Freleases)。\n\n## 基本使用\n\n### 1. 配置 API 密钥\n在运行前，请设置环境变量以持有 LLM 提供商的访问密钥。默认使用 `OPENAI_API_KEY`，您也可以在当前目录创建 `.env` 文件进行配置。\n\n```zsh\nexport OPENAI_API_KEY=sk-123XXXXXXXXXXXX\n```\n\n> 🔐 API 密钥属于敏感凭据：不要把 `.env` 提交到版本库（请加入 `.gitignore`）；在命令行直接 `export` 会把密钥留在 shell 历史中。每次测试都会把系统提示词和生成的攻击提示词发送给所配置的模型提供商并消耗 Token，建议使用仅供测试、可随时轮换的密钥。\n\n### 2. 交互模式（默认）\n直接运行命令进入交互式测试界面，按提示输入系统提示词即可开始测试：\n\n```zsh\nprompt_security_fuzzer \n```\n\n### 3. 批量模式（非交互）\n适用于自动化测试或脚本集成，指定系统提示词文件并运行：\n\n```zsh\nprompt-security-fuzzer -b .\u002Fsystem_prompt.examples\u002Fmedium_system_prompt.txt\n```\n\n### 4. 高级用法示例\n*   **仅运行特定攻击类型**：\n    ```bash\n    prompt-security-fuzzer -b .\u002Fsystem_prompt.examples\u002Fmedium_system_prompt.txt --tests='[\"ucar\",\"amnesia\"]'\n    ```\n*   **RAG 投毒攻击测试**（需配置 Embedding 模型）：\n    ```bash\n    prompt-security-fuzzer -b .\u002Fsystem_prompt.examples\u002Fmedium_system_prompt.txt \\\n        --embedding-provider=open_ai \\\n        --embedding-model=text-embedding-ada-002 \\\n        --tests='[\"rag_poisoning\"]'\n    ```\n*   **使用自定义 API 端点**（如 Ollama 或 LocalAI；示例使用 `http://` 仅因端点在本机，连接其他主机上的端点时请使用 `https://`，否则系统提示词和攻击提示词会以明文传输）：\n    ```bash\n    prompt-security-fuzzer -b .\u002Fsystem_prompt.examples\u002Fmedium_system_prompt.txt \\\n        --target-provider=ollama \\\n        --target-model=llama2 \\\n        --ollama-base-url=http:\u002F\u002Flocalhost:11434\n    ```\n\n## 常用命令选项\n*   `--list-providers`：列出所有支持的 LLM 提供商\n*   `--list-attacks`：列出可用的攻击类型并退出\n*   `-b` \u002F `--batch`：以无监督（批量）模式运行\n*   `-n` \u002F `--num-attempts`：设置不同攻击提示的数量（结果是有限采样，增大该值可降低漏报）\n*   `-t` \u002F `--num-threads`：设置工作线程数","某金融科技公司正在开发一款智能客服机器人，负责处理用户的账户查询和投资建议，对安全性要求极高。\n\n### 没有 ps-fuzz 时\n- 依赖人工编写测试用例，难以覆盖复杂的诱导攻击场景，容易遗漏隐蔽漏洞。\n- 系统提示词容易被恶意用户绕过，导致泄露内部指令或产生违规回答。\n- 缺乏自动化评估手段，上线前无法确认是否具备抗注入能力，存在合规风险。\n- 发现漏洞后修复周期长，需要反复手动验证，严重影响产品迭代进度。\n\n### 使用 ps-fuzz 后\n- ps-fuzz 自动模拟 16 种攻击方式，快速暴露提示词在越狱和注入方面的弱点。\n- 通过交互式 Playground 反复调试，有效加固了敏感信息保护逻辑，防止数据泄露。\n- 支持多线程并发测试，大幅缩短了安全评估的时间成本，提升开发效率。\n- 上线前已拦截多次潜在的越狱尝试，确保系统在真实环境中具备足够的鲁棒性。\n\nps-fuzz 让生成式 AI 
应用的安全防护从被动防御转变为主动加固，显著降低了业务风险。","https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fprompt-security_ps-fuzz_fee26e13.png","prompt-security","Prompt Security","https:\u002F\u002Foss.gittoolsai.com\u002Favatars\u002Fprompt-security_833da2e5.png","",null,"https:\u002F\u002Fgithub.com\u002Fprompt-security",[82,86],{"name":83,"color":84,"percentage":85},"Python","#3572A5",99.3,{"name":87,"color":88,"percentage":89},"Shell","#89e051",0.7,669,95,"2026-04-05T00:24:13","MIT","未说明",{"notes":96,"python":94,"dependencies":97},"必须设置 LLM 提供商的 API 密钥（如 OPENAI_API_KEY）；运行测试会消耗 Token；RAG 攻击测试需额外配置 Embedding 模型及向量数据库；支持通过 Ollama 连接本地大模型或自定义 API 端点；默认安装包含 ChromaDB。",[98],"chromadb",[15,26,13,14],[101,102,103,104,105,106,107,108,109],"ai","fuzzer","generative-ai","llm","security","security-tools","llm-fuzzer","system-prompt-hardener","ai-fuzzer","2026-03-27T02:49:30.150509","2026-04-06T05:36:24.182686",[113,118,123,128,133,138],{"id":114,"question_zh":115,"answer_zh":116,"source_url":117},3023,"安装 prompt-security-fuzzer 时出现 ModuleNotFoundError: No module named 'pydantic.v1' 错误怎么办？","这是由于 pydantic 库版本兼容性导致的问题，已在 0.1.6 版本中修复。请运行以下命令升级包：\n`pip install --upgrade prompt-security-fuzzer`\n确保使用 PyPI 上的最新版本。","https:\u002F\u002Fgithub.com\u002Fprompt-security\u002Fps-fuzz\u002Fissues\u002F33",{"id":119,"question_zh":120,"answer_zh":121,"source_url":122},3024,"工具是否支持 AWS Bedrock 模型？","是的，AWS Bedrock 支持已经包含在工具中。用户可以直接使用该功能。","https:\u002F\u002Fgithub.com\u002Fprompt-security\u002Fps-fuzz\u002Fissues\u002F37",{"id":124,"question_zh":125,"answer_zh":126,"source_url":127},3025,"在交互模式下修改 Target 模型名称为何无效？","这是一个已知问题。在交互模式下尝试修改目标模型名称会失败，无论输入什么内容，它都会回退到默认的 
gpt-3.5-turbo。","https:\u002F\u002Fgithub.com\u002Fprompt-security\u002Fps-fuzz\u002Fissues\u002F40",{"id":129,"question_zh":130,"answer_zh":131,"source_url":132},3026,"调试日志级别如何在菜单中配置？","调试日志级别已从菜单选项中移除。如需配置，请仅在命令行中使用相关参数进行设置。","https:\u002F\u002Fgithub.com\u002Fprompt-security\u002Fps-fuzz\u002Fissues\u002F15",{"id":134,"question_zh":135,"answer_zh":136,"source_url":137},3027,"如何配置攻击生成模型与保护模型的区别？","可以配置 `ATTACK_GENERATING_MODEL` 变量来区分攻击模型和保护模型。例如，可以使用 GPT-4 作为受保护模型，以便在设置中展示不同的评分方差。","https:\u002F\u002Fgithub.com\u002Fprompt-security\u002Fps-fuzz\u002Fissues\u002F3",{"id":139,"question_zh":140,"answer_zh":141,"source_url":137},3028,"在哪里查看支持的模型和攻击列表？","支持的模型和攻击列表已整合到项目的 README 文件中，并进行了优化整理（类似 Rebuff 项目风格）。请在仓库主页面查看 README。",[143,148,153,158,163,167,172,177,182,187,192,197,202,207,212,217,222,227],{"id":144,"version":145,"summary_zh":146,"released_at":147},102536,"v2.1.0","# Changelog\n\nAll notable changes to this project will be documented in this file.\n\nThe format is based on [Keep a Changelog](https:\u002F\u002Fkeepachangelog.com\u002Fen\u002F1.1.0\u002F).\n\n## [2.1.0] - 2026-02-16\n\n### Added\n- **RAG Poisoning Attack** (\"Hidden Parrot Attack\") — new fuzzing test that demonstrates how malicious instructions embedded in vector databases can compromise RAG system behavior\n  - Supports both Ollama and OpenAI embedding providers\n  - Configurable embedding model, provider, and base URLs via interactive menu or config file\n  - Automatically creates a poisoned vector database with benign and malicious documents, then tests whether the target LLM follows injected instructions\n- Embedding configuration properties in `AppConfig` (`embedding_provider`, `embedding_model`, `embedding_ollama_base_url`, `embedding_openai_base_url`)\n- Configurable base URLs for Ollama and OpenAI providers (`ollama_base_url`, `openai_base_url`) with proper parameter transformation in chat clients\n- `TestStatus.report_skipped()` method and `skipped_count` tracking for tests that 
cannot run due to missing configuration or dependencies\n- GPT-4o with Canvas system prompt leak example (`system_prompt.examples\u002F`)\n- Bandit security scanning workflow (`.github\u002Fworkflows\u002Fbandit.yml`)\n- Dedicated test files: `test_app_config.py`, `test_prompt_injection_fuzzer_helpers.py`, `test_test_status.py`\n\n### Security\n- **[CRITICAL] CVE-2025-68664** — Upgraded langchain ecosystem (langchain, langchain-core, langchain-community) from 0.0.x to 0.3.x to fix a serialization injection vulnerability that could allow secret extraction and arbitrary code execution\n- **[HIGH] CVE-2024-34062** — Upgraded tqdm from 4.66.1 to ≥4.66.3 to fix CLI argument injection via `eval()`\n- **[HIGH]** httpx version pinned to `>=0.24.0,\u003C0.25.0` to fix crashes caused by an unpinned dependency\n\n### Fixed\n- ChromaDB `persist()` compatibility — gracefully handles ChromaDB 0.4.0+, which auto-persists\n- `register_test` decorator now properly returns the decorated class (was returning `None`)\n- Getter\u002Fsetter consistency for `embedding_provider` and `embedding_model` — setters now accept empty values matching getter defaults\n- Empty base URL strings are now filtered out instead of being passed through to model constructors\n- Fragile error-message string matching in RAG poisoning replaced with specific exception type handling (`ImportError`, `ConnectionError`, `ValueError`, etc.)\n- Removed stale custom benchmark cache\n- Release workflow no longer overwrites manually written release notes\n\n### Changed\n- Minimum Python version raised from 3.7 to 3.9 (required by langchain 0.3.x)\n- LangChain imports updated for 0.3.x compatibility:\n  - `langchain.schema` → `langchain_core.messages` \u002F `langchain_core.documents`\n  - `langchain.chat_models` → `langchain_community.chat_models`\n  - Pydantic v1 field introspection → Pydantic v2 with v1 fallback\n- Test organization: AppConfig, helper function, and TestStatus tests moved from `test_is_response_list.py` 
into dedicated test files\n- Removed unused variable assignments in test code\n\n## [2.0.0]\n\n- Fuzzer 2.0 release\n","2026-02-16T07:37:43",{"id":149,"version":150,"summary_zh":151,"released_at":152},102537,"2.0.0","## Changelog\r\n\r\n- PR - https:\u002F\u002Fgithub.com\u002Fprompt-security\u002Fps-fuzz\u002Fpull\u002F51 \r\n- Added a custom benchmark interface\r\n- Added an interface to run only a subset of tests\r\n- Made some additions to the readme:\r\n- Documenting the new options\r\n- Added a link to the google colab\r\n- Added a function to evaluate response similarity to expected response\r\n\r\n## Release Notes\r\n\r\n- We added a custom benchmark interface which will allow users to bring their own benchmark to fuzz their system prompt. The benchmark should be in CSV format and include “prompt” and “response” columns.\r\n- We added an interface to run a subset of tests which will help with the speed and efficiency of the system prompt refinement process. Now users can run only a subset of tests iteratively to fix localized problems. It will save both time and tokens!\r\n- We added a response similarity evaluation to several dataset-based tests and to the custom benchmark test. This is an upgrade over the previous approach, which was simply to look for refusal words within the response. This allows for better accuracy when checking the results of testing several prompts and seeing whether they match their expected responses or not. \r\n- We created a Google Colab notebook! The notebook contains the entire prompt refinement process; from the initial fuzzing through the refinement and localized testing to the regression test and end result. The link is at the top of the README and in the Google Colab section. 
","2024-08-01T11:10:13",{"id":154,"version":155,"summary_zh":156,"released_at":157},102538,"0.1.7","This is the release of prompt-security\u002Fps-fuzz for version 0.1.7","2024-04-18T18:45:36",{"id":159,"version":160,"summary_zh":161,"released_at":162},102539,"0.1.6","This is the release of prompt-security\u002Fps-fuzz for version 0.1.6","2024-04-17T14:54:35",{"id":164,"version":165,"summary_zh":79,"released_at":166},102540,"0.1.5","2024-04-17T14:37:30",{"id":168,"version":169,"summary_zh":170,"released_at":171},102541,"0.1.4","This is the release of prompt-security\u002Fps-fuzz for version 0.1.4","2024-04-16T22:25:16",{"id":173,"version":174,"summary_zh":175,"released_at":176},102542,"0.1.3","This is the release of prompt-security\u002Fps-fuzz for version 0.1.3","2024-04-16T22:10:51",{"id":178,"version":179,"summary_zh":180,"released_at":181},102543,"0.1.2","This is the release of prompt-security\u002Fps-fuzz for version 0.1.2","2024-04-16T22:04:14",{"id":183,"version":184,"summary_zh":185,"released_at":186},102544,"0.1.1","This is the release of prompt-security\u002Fps-fuzz for version 0.1.1","2024-04-16T16:41:25",{"id":188,"version":189,"summary_zh":190,"released_at":191},102545,"0.1.0","This is the release of prompt-security\u002Fps-fuzz for version 0.1.0","2024-04-16T13:52:17",{"id":193,"version":194,"summary_zh":195,"released_at":196},102546,"0.0.7","This is the release of prompt-security\u002Fps-fuzz for version 0.0.7","2024-04-15T19:08:42",{"id":198,"version":199,"summary_zh":200,"released_at":201},102547,"0.0.6","This is the release of prompt-security\u002Fps-fuzz for version 0.0.6","2024-04-15T18:44:16",{"id":203,"version":204,"summary_zh":205,"released_at":206},102548,"0.0.5","This is the release of prompt-security\u002Fps-fuzz for version 0.0.5","2024-04-15T18:25:43",{"id":208,"version":209,"summary_zh":210,"released_at":211},102549,"0.0.4","This is the release of prompt-security\u002Fps-fuzz for version 
0.0.4","2024-04-15T13:12:33",{"id":213,"version":214,"summary_zh":215,"released_at":216},102550,"0.0.3","This is the release of prompt-security\u002Fps-fuzz for version 0.0.3","2024-04-15T10:27:51",{"id":218,"version":219,"summary_zh":220,"released_at":221},102551,"0.0.2","This is the release of prompt-security\u002Fps-fuzz for version 0.0.2","2024-04-15T08:15:01",{"id":223,"version":224,"summary_zh":225,"released_at":226},102552,"0.0.1-interactive","This is the release of prompt-security\u002Fps-fuzz for version 0.0.1-interactive","2024-04-15T00:04:48",{"id":228,"version":229,"summary_zh":230,"released_at":231},102553,"initial_commit_test_release","This is the release of prompt-security\u002Fps-fuzz for version initial_commit_test_release","2024-04-13T15:21:26"]