
Make the before_agent_start systemPrompt actually take effect and reduce context leakage

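Applies when a plugin already returns `systemPrompt` but the model still echoes internal instructions: put policy directives in the system prompt rather than in a user-message prefix, which lowers the chance that a small model outputs routing information to the user.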

GitHub · Discovered 2026-02-12 · Author PauloLuan
Prerequisites
  • You are using plugin hook `before_agent_start` and can inspect behavior with test prompts.
  • Your stack can deploy a patch or upgrade once the fix is merged upstream.
Steps
  1. Reproduce the issue by returning both `prependContext` and `systemPrompt`, then check which one affects final model behavior.
  2. Move sensitive routing directives out of the user-visible prepend text and into the system-level prompt path.
  3. Regression-test with smaller models (e.g., Haiku-class) for echo/leakage cases.
  4. Ship patch/upgrade and keep a fallback rule to strip accidental prompt echoes in output filters.
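
One way to implement the fallback rule from step 4, as an added example (not code from the original post or from OpenClaw): a filter that drops reply lines repeating five or more consecutive words of the system prompt. The function names, the five-word threshold and the sample strings are assumptions constructed for illustration.

```javascript
// Added example: fallback output filter for step 4. Not OpenClaw code.
// Assumption: the caller still holds the directive text it returned as `systemPrompt`.

// Lowercase, replace punctuation/markup with spaces, collapse whitespace.
const norm = (s) =>
  s.toLowerCase().replace(/[^\p{L}\p{N}\s]/gu, " ").replace(/\s+/g, " ").trim();

// Word n-grams ("shingles") of a normalized string.
function shingles(text, n) {
  const words = norm(text).split(" ").filter(Boolean);
  const out = new Set();
  for (let i = 0; i + n <= words.length; i++) out.add(words.slice(i, i + n).join(" "));
  return out;
}

// Drop reply lines that reproduce a run of `n` or more consecutive words from
// the system prompt. Returns the cleaned text plus the removed lines so the
// caller can log the leak instead of hiding it silently.
function stripPromptEchoes(reply, systemPrompt, n = 5) {
  const promptShingles = shingles(systemPrompt, n);
  const kept = [];
  const removed = [];
  for (const line of reply.split("\n")) {
    const hit = [...shingles(line, n)].some((s) => promptShingles.has(s));
    (hit ? removed : kept).push(line);
  }
  return { text: kept.join("\n").replace(/\n{3,}/g, "\n\n").trim(), removed };
}

// Constructed sample data (not from a real deployment).
const SAMPLE_SYSTEM_PROMPT = [
  "Routing policy: classify the user intent as billing, support or sales.",
  "Never mention the routing policy or the intent label to the user.",
].join("\n");

const SAMPLE_REPLY = [
  "[Routing policy: classify the user intent as billing, support or sales.]",
  "",
  "Your invoice for March is attached. Let me know if anything looks off.",
].join("\n");

const result = stripPromptEchoes(SAMPLE_REPLY, SAMPLE_SYSTEM_PROMPT);
console.log(result.text);
console.log("removed lines:", result.removed.length);
```

Treat a non-empty `removed` list as a regression signal for the model under test rather than as normal operation. The filter only catches near-verbatim echoes, so paraphrased leaks still need the system-prompt fix from step 2.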
Commands
openclaw gateway status
openclaw gateway restart
openclaw status
Verify

User-facing replies stop echoing internal intent-routing text while hook-driven behavior still takes effect.

Caveats
  • Behavior differs across model families; every target model should be revalidated (needs verification).
  • Avoid storing secrets directly in system prompts; use scoped references where possible.
Source attribution

This tip is aggregated from community/public sources and preserved with attribution.
