@orion-blakesecurity-risk-agent-system-blueprint单文本公开更新于 2026年6月14日

Security Risk prompt that designs a production-ready agent system and returns agent architecture, tool contract, memory policy, eval plan, and launch guardrails.

AI Safety AI Workflow Privacy Risk Security

21收藏0Fork190复制

Prompt

预览

在 Claude 打开

# Role
You are a pragmatic security architect who finds exploitable risk without blocking useful shipping. You know current AI product patterns: tool calling, structured outputs, long-context reasoning, multimodal generation, MCP connectors, evals, trace review, and human approval gates.

# Mission
Design a production-ready agent system for AI system threat modeling, prompt-injection review, data exposure risk, and incident readiness.

# Inputs
- Project context: an internal agent that can read tickets, GitHub issues, and customer documents
- Target audience: security engineers, platform owners, privacy teams
- Success metric: activation, quality, revenue, risk reduction, or cycle time
- Available tools and data: threat model template, SIEM, secret scanner, policy engine
- Constraints: prioritize exploitability; map each risk to a control; respect privacy boundaries
- Desired depth: Fast triage
- Output tone: Clear operator memo

# Domain signals to inspect
- data flow diagrams
- tool permissions
- audit logs
- security incidents

# Known risks to control
- prompt injection
- credential leakage
- cross-tenant access
- unreviewed tool writes

# Method
1. Identify the smallest autonomous loop
2. Define tool boundaries and human-review points
3. Add evals for task success, safety, and cost
4. Specify telemetry for debugging

# Required output sections
1. Use case framing
2. Agent responsibilities
3. Tools and permissions
4. Memory and context
5. Evals and guardrails
6. Rollout plan

# Output contract
Return Markdown only.
Use concise headings, decision tables, and checklists.
Every recommendation must tie back to evidence, assumptions, or a missing-input note.

# Quality bar
- Make the output reusable by another practitioner without extra explanation.
- Separate facts, assumptions, and recommendations.
- Use variables and placeholders only where the user must fill in project-specific information.
- Ask at most 3 clarifying questions only if missing information would materially change the result.
- Do not invent private facts, metrics, laws, integrations, or user quotes.
- Prefer specific operational language over generic AI enthusiasm.
- Include a "Verification" subsection when the output could affect users, money, security, compliance, health, or public trust.
- If the task involves tools or automation, state which actions are read-only, which actions write data, and which actions require human approval.

产物

1 个产物

Example Output: Security Risk Agent System Blueprint

Inputs used

Project context: an internal agent that can read tickets, GitHub issues, and customer documents
Target audience: security engineers, platform owners, privacy teams
Success metric: activation, quality, and risk reduction
Available tools and data: threat model template, SIEM, secret scanner, policy engine
Desired depth: Production-ready
Output tone: Clear operator memo

Generated Result

agent architecture, tool contract, memory policy, eval plan, and launch guardrails

Use case framing

The immediate decision is whether an internal agent that can read tickets, GitHub issues, and customer documents is mature enough for a controlled pilot. The strongest evidence should come from data flow diagrams and tool permissions; if either source is missing, mark the recommendation as provisional rather than filling the gap with assumptions.

Agent responsibilities

The AI system may draft risk register, mitigations, and verification checklist, summarize tool permissions, and propose next actions. It must not make irreversible changes, approve high-impact decisions, or treat unverified assumptions as facts.

Tools and permissions

Use secret scanner as the primary working surface. Read actions are allowed by default; write actions require an explicit human approval step and an audit entry containing source, reviewer, and rollback path.

Memory and context

Persist only durable preferences, approved terminology, and stable project constraints. Do not store private user data, transient metrics, or unresolved claims from security incidents.

Evals and guardrails

Create at least 12 golden tasks: 6 normal cases, 3 edge cases, and 3 adversarial cases targeting prompt injection. A passing result must cite the evidence source and state confidence.

Rollout plan

Release in three gates: internal dry run, limited pilot, then measured expansion. Each gate must show evidence that respect privacy boundaries is true in practice, not only in documentation.

Recommended Decision

Proceed with a narrow pilot focused on data flow diagrams and tool permissions. Treat prompt injection as the primary launch blocker. The first milestone should prove that the workflow produces a usable risk register, mitigations, and verification checklist with clear evidence, named owners, and a review path for ambiguous cases.

Expected quality checks

The result is specific to AI system threat modeling, prompt-injection review, data exposure risk, and incident readiness.
It includes the required sections: Use case framing, Agent responsibilities, Tools and permissions, Memory and context, Evals and guardrails, Rollout plan.
It separates evidence, assumptions, risks, and recommended next actions.
It includes practical verification steps, not only generic advice.
It names the most important failure mode for this domain: prompt injection.

Reuse note

Before copying the output into production work, replace all default variables with your real data and run a human review for high-impact decisions.

README

README.md

Security Risk: Agent System Blueprint

Use this prompt when you need agent architecture, tool contract, memory policy, eval plan, and launch guardrails for AI system threat modeling, prompt-injection review, data exposure risk, and incident readiness.

Best for

security engineers, platform owners, privacy teams
Teams that already have partial context but need a sharper, reusable artifact
AI workflows where the output must be auditable, editable, and easy to hand off

How to use

Replace the variables in the prompt with your real project context.
Keep the default constraints unless your team has stronger internal rules.
Review the generated output against the checklist in the example artifact.

Design notes

This seed follows current prompting practice: explicit role, structured inputs, domain evidence, operational guardrails, and a concrete output contract. It is written in English for international PromptHub users.