From 9ce293a736404bb4586fcf95f30928fe5c98f96c Mon Sep 17 00:00:00 2001
From: Magicbook1108 <newyorkupperbay@gmail.com>
Date: Fri, 10 Apr 2026 13:42:57 +0800
Subject: [PATCH] Refact: update exesql notification (#14027)

### What problem does this PR solve?

Refact: update exesql notification

### Type of change


- [x] Refactoring
---
 agent/tools/exesql.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/agent/tools/exesql.py b/agent/tools/exesql.py
index 305801124c..ea4ca34b83 100644
--- a/agent/tools/exesql.py
+++ b/agent/tools/exesql.py
@@ -255,6 +255,10 @@ class ExeSQL(ToolBase, ABC):
                 if not single_sql:
                     continue
                 single_sql = re.sub(r"\[ID:[0-9]+\]", "", single_sql)
+                if re.match(r"^(insert|update|delete)\b", single_sql, flags=re.IGNORECASE):
+                    sql_res.append({"content": "For security reasons, INSERT, UPDATE, and DELETE statements are not supported."})
+                    formalized_content.append("For security reasons, INSERT, UPDATE, and DELETE statements are not supported.")
+                    continue
                 cursor.execute(single_sql)
                 if cursor.rowcount == 0:
                     sql_res.append({"content": "No record in the database!"})