[2510.22944] Is Your Prompt Poisoning Code? Defect Induction Rates and Security Mitigation Strategies

Computer Science > Cryptography and Security arXiv:2510.22944 (cs) [Submitted on 27 Oct 2025 (v1), last revised 8 May 2026 (this version, v2)] Title:Is Your Prompt Poisoning Code? Defect Induction Rates and Security Mitigation Strategies Authors:Bin Wang, YiLu Zhong, MiDi Wan, WenJie Yu, YuanBing Ouyang, Yenan Huang, Hui Li View a PDF of the paper titled Is Your Prompt Poisoning Code? Defect Induction Rates and Security Mitigation Strategies, by Bin Wang and 6 other authors View PDF HTML (experimental) Abstract:Large language models (LLMs) have become indispensable for automated code generation, yet the quality and security of their outputs remain a critical concern. Existing studies predominantly concentrate on adversarial attacks or inherent flaws within the models. However, a more prevalent yet underexplored issue concerns how the quality of a benign but poorly formulated prompt affects the security of the generated code. To investigate this, we first propose an evaluation framework for prompt quality encompassing three key dimensions: goal clarity, information completeness, and logical consistency. Based on this framework, we construct and publicly release CWE-BENCH-PYTHON, a large-scale benchmark dataset containing tasks with prompts categorized into four distinct levels of normativity (L0-L3). Extensive experiments on multiple state-of-the-art LLMs reveal a clear correlation: as prompt normativity decreases, the likelihood of generating insecure code consistently and...