Sources and Sinks
Static analysis can model the ToLO problem as a data flow from an LLM-output source to a sensitive sink, with guards as the sanitizers that must sit on the path between them.
Sources
- LLM completion result
- Chat response message content
- Parsed structured output
- Agent plan or action
- Tool argument generated by model
Sinks
- Code execution
- Shell execution
- File access
- Network request
- Database query
- Template rendering
- Authorization decision
Guards
- Schema validation
- Allowlist
- Sandboxing
- Type narrowing
- Capability checks
- Human approval
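The three lists above map directly onto a taint analysis. As an added illustration (not code from the original page or from any real analyzer), the toy checker below tags the page's sources, sinks and guards with assumed callee names, propagates taint through straight-line assignments, and reports a sink only when the value reaching it never passed through a guard on its data path; a guard whose result is discarded does not count, which is the failure mode the sample exercises.

```python
import ast
# Constructed catalogues for the page's three categories; the callee names are
# assumptions for this toy checker, not any real analyzer's API.
SOURCES = {"llm.complete", "chat.response", "parse_structured", "agent.plan", "tool.args"}
SINKS = {"eval": "code execution", "subprocess.run": "shell execution",
         "os.system": "shell execution", "open": "file access", "requests.get": "network request",
         "cursor.execute": "database query", "render_template": "template rendering"}
GUARDS = {"validate_schema", "allowlist", "sandbox", "narrow_type", "check_capability", "human_approve"}

def _name(node):  # dotted name of a Name/Attribute node, e.g. 'subprocess.run'
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute) and (base := _name(node.value)):
        return f"{base}.{node.attr}"
    return None

def _call_name(node):
    return _name(node.func) if isinstance(node, ast.Call) else None

def _uses_tainted(node, tainted):
    return any(isinstance(n, ast.Name) and n.id in tainted for n in ast.walk(node))

def find_unguarded_flows(src):
    """Return (sink category, line) for every sink fed by LLM output that never
    passed through a guard on the data path. Straight-line code only."""
    tainted, findings = set(), []
    for stmt in ast.parse(src).body:
        if isinstance(stmt, ast.Assign) and isinstance(stmt.targets[0], ast.Name):
            target, callee = stmt.targets[0].id, _call_name(stmt.value)
            if callee in SOURCES:
                tainted.add(target)        # model output enters the program
            elif callee in GUARDS:
                tainted.discard(target)    # guard output is treated as clean
            elif _uses_tainted(stmt.value, tainted):
                tainted.add(target)        # taint propagates through expressions
            else:
                tainted.discard(target)    # reassigned from clean data
        call = stmt.value if isinstance(stmt, (ast.Expr, ast.Assign)) else None
        if _call_name(call) in SINKS and _uses_tainted(call, tainted):
            findings.append((SINKS[_call_name(call)], stmt.lineno))
    return findings

# Constructed sample: a guarded flow, an unguarded flow, and a guard off the data path.
SAMPLE = """plan = llm.complete(prompt)
cmd = allowlist(plan, ["ls", "pwd"])
subprocess.run(cmd)
path = "/data/" + plan
open(path)
ok = validate_schema(plan)
render_template(plan)"""
```

Running `find_unguarded_flows(SAMPLE)` flags the file access and the template rendering but not the allowlisted shell call; the schema check on line 6 is ignored because its result is not what reaches the sink.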