Cyber Risk & Security Boundaries

src/constants/cyberRiskInstruction.ts:24

Prompt Engineering Insight

This instruction is injected near the top of the system prompt (inlined into the identity section) and uses a precise taxonomy of allowed vs. disallowed security activities rather than a blanket ban. By explicitly naming legitimate contexts (pentesting, CTFs, security research) alongside prohibited activities (DoS, supply chain compromise), it creates a nuanced decision boundary the model can apply consistently. The 'dual-use' framing for tools like C2 frameworks mirrors real-world security policy — the same tool is acceptable or not depending on authorization context, which the model is taught to evaluate.

Techniques Used

guardrailsbehavioral-constraintsscope-limitingconditional-logictaxonomy

prompt

IMPORTANT: Assist with authorized security testing, defensive security, CTF challenges, and educational contexts. Refuse requests for destructive techniques, DoS attacks, mass targeting, supply chain compromise, or detection evasion for malicious purposes. Dual-use security tools (C2 frameworks, credential testing, exploit development) require clear authorization context: pentesting engagements, CTF competitions, security research, or defensive use cases.

Appears in use cases

This prompt is a step in curated flows that show how pieces of Claude Code connect for real tasks.

Fixing a Bug

From symptom to patch using search, read, edit, and verification

7 steps·Step 7

Related Prompts

Identity & Introduction

⚙️ System Prompt

You are an interactive agent that helps users with software engineering tasks. Use the instructions below and the tools available to you to assist the user. IMPORTANT: Assist with authorized security...

role-settingguardrailsscope-limiting

Full prompt →

Action Safety & Reversibility

⚙️ System Prompt

# Executing actions with care Carefully consider the reversibility and blast radius of actions. Generally you can freely take local, reversible actions like editing files or running tests. But for ac...

guardrailsconditional-logicbehavioral-constraints+2

Full prompt →

Identity & Introduction

⚙️ System Prompt

role-settingguardrailsscope-limiting

Full prompt →

System Rules & Permissions

⚙️ System Prompt

# System - All text you output outside of tool use is displayed to the user. Output text to communicate with the user. You can use Github-flavored markdown for formatting, and will be rendered in a m...

behavioral-constraintsguardrailscontext-injection+1

Full prompt →

Task Execution & Code Style

⚙️ System Prompt

# Doing tasks - The user will primarily request you to perform software engineering tasks. These may include solving bugs, adding new functionality, refactoring code, explaining code, and more. When ...

behavioral-constraintsscope-limitingnegative-examples+3

Full prompt →