CalvinBackup/god-eye
1
0
Fork 0
mirror of https://github.com/Vyntral/god-eye.git synced 2026-02-12 16:52:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: Remove fake examples from AI report prompt

Browse Source 
- Simplified GenerateReport prompt to prevent hallucination
- Removed example subdomain names that confused the model
- Added explicit rules to only use real scan data
This commit is contained in:
Vyntral
2025-11-21 15:30:53 +01:00
parent 14c26dc726
commit 7b611f6041
1 changed files with 15 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
internal/ai/ollama.go
View File

@@ -227,29 +227,27 @@ Format: SEVERITY: finding`, truncate(summary, 4000))
// GenerateReport creates executive summary and recommendations
func (c *OllamaClient) GenerateReport(findings string, stats map[string]int) (string, error) {
prompt := fmt.Sprintf(`You are a security analyst. Create a security assessment report based on the findings below.
prompt := fmt.Sprintf(`You are a security analyst. Create a brief security report from the scan data below.
SCAN STATISTICS:
- Total subdomains: %d
- Active: %d
- Vulnerabilities: %d
- Takeovers: %d
STATISTICS: %d subdomains scanned, %d active, %d vulnerabilities, %d takeovers
FINDINGS DATA (use these EXACT subdomain names in your report):
SCAN FINDINGS:
%s
INSTRUCTIONS:
1. Use the ACTUAL subdomain names from the findings data above (e.g., "new.computerplus.it", "api.example.com")
2. Do NOT use generic placeholders like "Subdomain A" or "Subdomain B"
3. Reference specific vulnerabilities found for each subdomain
4. Include CVE IDs when present
RULES:
- Use ONLY the subdomain names shown in SCAN FINDINGS above
- Do NOT invent or make up any subdomain names
- If no vulnerabilities found, say "No critical issues identified"
Generate report with:
## Executive Summary (2-3 sentences with real subdomain names)
## Critical Findings (list each affected subdomain by name with its issues)
## Recommendations (actionable items referencing specific subdomains)
FORMAT:
## Summary
(2 sentences about what was found)
Be concise and professional. Use the real data provided above.`,
## Issues
(List each real subdomain with its actual issues, or "None" if clean)
## Actions
(1-3 specific recommendations)`,
stats["total"], stats["active"], stats["vulns"], stats["takeovers"], truncate(findings, 3000))
response, err := c.query(c.DeepModel, prompt, 45*time.Second)