摘要: 由于大语言模型(Large Language Model, LLM)在智能问答、自动化运维、代码生成等场景中的应用日趋普遍，其安全问题愈加突出，例如工具投毒、提示注入、未授权操作及命令执行等安全风险。而传统Web漏洞扫描工具尚不能可靠地检测此类新型漏洞，针对以上问题综合应用沙箱隔离机制、攻击链还原算法、Python自动化分析技术及控制流图(CFG)分析等技术，在安全隔离环境中对大模型工具代码及其运行行为进行动态检测，既能检测SQL注入、XSS、CSRF等传统漏洞，又能检测MCP协议特有的工具投毒攻击及复杂提示注入漏洞，并能够输出包含完整数据流污染路径的可视化报告。实验结果表明所提出方案能提升大模型应用安全检测能力的有效性，也为此类应用提供了自动化、低成本的安全监控及漏洞修复参考方案。

Abstract: As the application of Large Language Models (LLMs) in scenarios such as intelligent question answering, automated operation and maintenance, and code generation becomes increasingly prevalent, their security issues have become more prominent, including security risks such as tool poisoning, prompt injection, unauthorized operations, and command execution. Traditional web vulnerability scanning tools are still unable to reliably detect these new types of vulnerabilities. To address these issues, we comprehensively apply sandbox isolation mechanisms, attack chain reconstruction algorithms, Python automated analysis techniques, and Control Flow Graph (CFG) analysis to dynamically detect the tool code and its operational behavior of large models in a secure isolation environment. This approach not only detects traditional vulnerabilities such as SQL injection, XSS, and CSRF but also identifies tool poisoning attacks and complex prompt injection vulnerabilities specific to the MCP protocol. It can also output a visual report containing the complete data flow pollution path. Experimental results show that the proposed solution enhances the effectiveness of security detection capabilities for large model applications and provides an automated, low-cost reference solution for security monitoring and vulnerability remediation for such applications.