Files
AstrBot/astrbot
Soulter 59fa9fdeaa fix(core): security fix - restrict send_message_to_user to current session only
Closes #7822

SECURITY: Remove the user-controlled 'session' parameter from the
send_message_to_user tool. Previously, a regular user could ask the
LLM to send messages to any arbitrary session (group chat) by
providing a crafted session string, which is a high-risk
vulnerability.

Changes:
- Remove 'session' parameter from tool schema (LLM can no longer
  propose it)
- Always use context.context.event.unified_msg_origin as the target
  session
- Update description to clearly state that messages can only be sent
  to the current user's session
2026-04-27 02:07:52 +08:00
..
2026-04-23 22:28:40 +08:00