diff --git a/agent/agent_config.py b/agent/agent_config.py
index a1503a9..9fd2ec2 100644
--- a/agent/agent_config.py
+++ b/agent/agent_config.py
@@ -24,6 +24,7 @@ class AgentConfig:
     mcp_settings: Optional[List[Dict]] = field(default_factory=list)
     generate_cfg: Optional[Dict] = None
     enable_thinking: bool = False
+    enable_self_knowledge: bool = False
 
     # 上下文参数
     project_dir: Optional[str] = None
@@ -64,6 +65,7 @@ class AgentConfig:
             'mcp_settings': self.mcp_settings,
             'generate_cfg': self.generate_cfg,
             'enable_thinking': self.enable_thinking,
+            'enable_self_knowledge': self.enable_self_knowledge,
             'project_dir': self.project_dir,
             'user_identifier': self.user_identifier,
             'session_id': self.session_id,
@@ -122,6 +124,7 @@ class AgentConfig:
             user_identifier=request.user_identifier,
             session_id=request.session_id,
             enable_thinking=request.enable_thinking,
+            enable_self_knowledge=request.enable_self_knowledge,
             project_dir=project_dir,
             stream=request.stream,
             tool_response=request.tool_response,
@@ -179,6 +182,7 @@ class AgentConfig:
 
         enable_thinking = bot_config.get("enable_thinking", False)
         enable_memori = bot_config.get("enable_memory", False)
+        enable_self_knowledge = bot_config.get("enable_self_knowledge", False)
 
         config = cls(
             bot_id=request.bot_id,
@@ -191,6 +195,7 @@ class AgentConfig:
             user_identifier=request.user_identifier,
             session_id=request.session_id,
             enable_thinking=enable_thinking,
+            enable_self_knowledge=enable_self_knowledge,
             project_dir=project_dir,
             stream=request.stream,
             tool_response=request.tool_response,
@@ -246,6 +251,7 @@ class AgentConfig:
             'language': self.language,
             'generate_cfg': self.generate_cfg,
             'enable_thinking': self.enable_thinking,
+            'enable_self_knowledge': self.enable_self_knowledge,
             'user_identifier': self.user_identifier,
             'session_id': self.session_id,
             'dataset_ids': self.dataset_ids,  # 添加dataset_ids到缓存键生成
diff --git a/agent/deep_assistant.py b/agent/deep_assistant.py
index 2521b6e..3efdf37 100644
--- a/agent/deep_assistant.py
+++ b/agent/deep_assistant.py
@@ -306,6 +306,7 @@ async def init_agent(config: AgentConfig):
             "ASSISTANT_ID": config.bot_id,
             "USER_IDENTIFIER": config.user_identifier,
             "TRACE_ID": config.trace_id,
+            "ENABLE_SELF_KNOWLEDGE": str(config.enable_self_knowledge).lower(),
             **(config.shell_env or {}),
         }
     )
diff --git a/agent/plugin_hook_loader.py b/agent/plugin_hook_loader.py
index 5796e59..177937c 100644
--- a/agent/plugin_hook_loader.py
+++ b/agent/plugin_hook_loader.py
@@ -214,6 +214,7 @@ async def _execute_command(skill_path: str, command: str, hook_type: str, config
         env['ASSISTANT_ID'] = str(getattr(config, 'bot_id', ''))
         env['USER_IDENTIFIER'] = str(getattr(config, 'user_identifier', ''))
         env['TRACE_ID'] = str(getattr(config, 'trace_id', ''))
+        env['ENABLE_SELF_KNOWLEDGE'] = str(getattr(config, 'enable_self_knowledge', False)).lower()
         env['SESSION_ID'] = str(getattr(config, 'session_id', ''))
         env['LANGUAGE'] = str(getattr(config, 'language', ''))
         env['HOOK_TYPE'] = hook_type
diff --git a/routes/chat.py b/routes/chat.py
index 9b9f6f9..87e8584 100644
--- a/routes/chat.py
+++ b/routes/chat.py
@@ -512,7 +512,7 @@ async def chat_completions(request: ChatRequest, authorization: Optional[str] =
         project_dir = create_project_directory(request.dataset_ids, bot_id, request.skills)
 
         # 收集额外参数作为 generate_cfg
-        exclude_fields = {'messages', 'model', 'model_server', 'dataset_ids', 'language', 'tool_response', 'system_prompt', 'mcp_settings' ,'stream', 'robot_type', 'bot_id', 'user_identifier', 'session_id', 'enable_thinking', 'skills', 'enable_memory', 'n', 'shell_env', 'max_tokens'}
+        exclude_fields = {'messages', 'model', 'model_server', 'dataset_ids', 'language', 'tool_response', 'system_prompt', 'mcp_settings' ,'stream', 'robot_type', 'bot_id', 'user_identifier', 'session_id', 'enable_thinking', 'skills', 'enable_memory', 'enable_self_knowledge', 'n', 'shell_env', 'max_tokens'}
         generate_cfg = {k: v for k, v in request.model_dump().items() if k not in exclude_fields}
         logger.info("chat_completions generate_cfg_keys=%s model=%s", list(generate_cfg.keys()), request.model)
         # 处理消息
@@ -563,7 +563,7 @@ async def chat_warmup_v1(request: ChatRequest, authorization: Optional[str] = He
         project_dir = create_project_directory(request.dataset_ids, bot_id, request.skills)
 
         # 收集额外参数作为 generate_cfg
-        exclude_fields = {'messages', 'model', 'model_server', 'dataset_ids', 'language', 'tool_response', 'system_prompt', 'mcp_settings' ,'stream', 'robot_type', 'bot_id', 'user_identifier', 'session_id', 'enable_thinking', 'skills', 'enable_memory', 'n', 'shell_env'}
+        exclude_fields = {'messages', 'model', 'model_server', 'dataset_ids', 'language', 'tool_response', 'system_prompt', 'mcp_settings' ,'stream', 'robot_type', 'bot_id', 'user_identifier', 'session_id', 'enable_thinking', 'skills', 'enable_memory', 'enable_self_knowledge', 'n', 'shell_env'}
         generate_cfg = {k: v for k, v in request.model_dump().items() if k not in exclude_fields}
 
         # 创建一个空的消息列表用于预热（实际消息不会在warmup中处理）
@@ -666,6 +666,7 @@ async def chat_warmup_v2(request: ChatRequestV2, authorization: Optional[str] =
         # 处理消息
         messages = process_messages(empty_messages, request.language or "ja")
 
+        exclude_fields = {'messages', 'dataset_ids', 'language', 'tool_response', 'system_prompt', 'mcp_settings', 'stream', 'robot_type', 'bot_id', 'user_identifier', 'session_id', 'enable_thinking', 'skills', 'enable_memory', 'enable_self_knowledge', 'n', 'model', 'model_server', 'api_key', 'shell_env', 'max_tokens'}
         generate_cfg = {k: v for k, v in request.model_dump().items() if k not in exclude_fields}
         logger.info("chat_warmup_v2 generate_cfg_keys=%s requested_model=%s", list(generate_cfg.keys()), request.model)
         # 从请求中提取 model/model_server/api_key，优先级高于 bot_config（排除 "whatever" 和空值）
@@ -773,7 +774,7 @@ async def chat_completions_v2(request: ChatRequestV2, authorization: Optional[st
         # 处理消息
         messages = process_messages(request.messages, request.language)
         # 收集额外参数作为 generate_cfg
-        exclude_fields = {'messages', 'dataset_ids', 'language', 'tool_response', 'system_prompt', 'mcp_settings', 'stream', 'robot_type', 'bot_id', 'user_identifier', 'session_id', 'enable_thinking', 'skills', 'enable_memory', 'n', 'model', 'model_server', 'api_key', 'shell_env', 'max_tokens'}
+        exclude_fields = {'messages', 'dataset_ids', 'language', 'tool_response', 'system_prompt', 'mcp_settings', 'stream', 'robot_type', 'bot_id', 'user_identifier', 'session_id', 'enable_thinking', 'skills', 'enable_memory', 'enable_self_knowledge', 'n', 'model', 'model_server', 'api_key', 'shell_env', 'max_tokens'}
         generate_cfg = {k: v for k, v in request.model_dump().items() if k not in exclude_fields}
         logger.info("chat_completions_v2 generate_cfg_keys=%s requested_model=%s", list(generate_cfg.keys()), request.model)
         # 从请求中提取 model/model_server/api_key，优先级高于 bot_config（排除 "whatever" 和空值）
diff --git a/skills/autoload/support/rag-retrieve/hooks/hook-backup.md b/skills/autoload/support/rag-retrieve/hooks/hook-backup.md
deleted file mode 100644
index c90e84f..0000000
--- a/skills/autoload/support/rag-retrieve/hooks/hook-backup.md
+++ /dev/null
@@ -1,55 +0,0 @@
-# Retrieval Policy
-
-### 1. Retrieval Order and Tool Selection
-- Follow this section for source choice, tool choice, query rewrite, `top_k`, fallback, result handling, and citations.
-- Use this default retrieval order and execute it sequentially: skill-enabled knowledge retrieval tools > `rag_retrieve` / `table_rag_retrieve`.
-- Do NOT answer from model knowledge first.
-- Do NOT bypass the retrieval flow and inspect local filesystem documents on your own.
-- Do NOT use local filesystem retrieval as a fallback knowledge source.
-- Local filesystem documents are not a recommended retrieval source here because file formats are inconsistent and have not been normalized or parsed for reliable knowledge lookup.
-- Knowledge must be retrieved through the supported knowledge tools only: skill-enabled retrieval scripts, `table_rag_retrieve`, and `rag_retrieve`.
-- When a suitable skill-enabled knowledge retrieval tool is available, use it first.
-- If no suitable skill-enabled retrieval tool is available, or if its result is insufficient, continue with `rag_retrieve` or `table_rag_retrieve`.
-- Use `table_rag_retrieve` first for values, prices, quantities, inventory, specifications, rankings, comparisons, summaries, extraction, lists, tables, name lookup, historical coverage, mixed questions, and unclear cases.
-- Use `rag_retrieve` first only for clearly pure concept, definition, workflow, policy, or explanation questions without structured data needs.
-- After each retrieval step, evaluate sufficiency before moving to the next source. Do NOT run these retrieval sources in parallel.
-
-### 2. Query Preparation
-- Do NOT pass the raw user question unless it already works well for retrieval.
-- Rewrite for recall: extract entity, time scope, attributes, and intent.
-- Add useful variants: synonyms, aliases, abbreviations, related titles, historical names, and category terms.
-- Expand list-style, extraction, overview, historical, roster, timeline, and archive queries more aggressively.
-- Preserve meaning. Do NOT introduce unrelated topics.
-
-### 3. Retrieval Breadth (`top_k`)
-- Apply `top_k` only to `rag_retrieve`. Use the smallest sufficient value, then expand only if coverage is insufficient.
-- Use `30` for simple fact lookup.
-- Use `50` for moderate synthesis, comparison, summarization, or disambiguation.
-- Use `100` for broad recall, such as comprehensive analysis, scattered knowledge, multiple entities or periods, or list / catalog / timeline / roster / overview requests.
-- Raise `top_k` when keyword branches are many or results are too few, repetitive, incomplete, sparse, or too narrow.
-- Use this expansion order: `30 -> 50 -> 100`. If unsure, use `100`.
-
-### 4. Result Evaluation
-- Treat results as insufficient if they are empty, start with `Error:`, say `no excel files found`, are off-topic, miss the core entity or scope, or provide no usable evidence.
-- Also treat results as insufficient when they cover only part of the request, or when full-list, historical, comparison, or mixed data + explanation requests return only partial or truncated coverage.
-
-### 5. Fallback and Sequential Retry
-- If the first retrieval result is insufficient, call the next supported retrieval source in the default order before replying.
-- `table_rag_retrieve` now performs an internal fallback to `rag_retrieve` when it returns `no excel files found`, but this does NOT change the higher-level retrieval order.
-- If `table_rag_retrieve` is insufficient or empty, continue with `rag_retrieve`.
-- If `rag_retrieve` is insufficient or empty, continue with `table_rag_retrieve`.
-- Say no relevant information was found only after all applicable skill-enabled retrieval tools, `rag_retrieve`, and `table_rag_retrieve` have been tried and still do not provide enough evidence.
-- Do NOT reply that no relevant information was found before the supported knowledge retrieval flow has been exhausted.
-
-### 6. Table RAG Result Handling
-- Follow all `[INSTRUCTION]` and `[EXTRA_INSTRUCTION]` content in `table_rag_retrieve` results.
-- If results are truncated, explicitly tell the user total matches (`N+M`), displayed count (`N`), and omitted count (`M`).
-- Cite data sources using filenames from `file_ref_table`.
-
-### 7. Citation Requirements for Retrieved Knowledge
-- When using knowledge from `rag_retrieve` or `table_rag_retrieve`, you MUST generate `<CITATION ... />` tags.
-- Follow the citation format returned by each tool.
-- Place citations immediately after the paragraph or bullet list that uses the knowledge.
-- Do NOT collect citations at the end.
-- Use 1-2 citations per paragraph or bullet list when possible.
-- If learned knowledge is used, include at least 1 `<CITATION ... />`.
diff --git a/skills/autoload/support/rag-retrieve/hooks/pre_prompt.py b/skills/autoload/support/rag-retrieve/hooks/pre_prompt.py
index 11f445d..97bb6bd 100644
--- a/skills/autoload/support/rag-retrieve/hooks/pre_prompt.py
+++ b/skills/autoload/support/rag-retrieve/hooks/pre_prompt.py
@@ -3,16 +3,24 @@
 PreMemoryPrompt Hook - 用户上下文加载器示例
 
 在记忆提取提示词（FACT_RETRIEVAL_PROMPT）加载时执行，
-读取同目录下的 memory_prompt.md 作为自定义记忆提取提示词模板。
+根据环境变量决定是否启用禁止使用模型自身知识的 retrieval policy。
 """
+import os
 import sys
 from pathlib import Path
 
 
 def main():
-    prompt_file = Path(__file__).parent / "retrieval-policy.md"
-    if prompt_file.exists():
-        print(prompt_file.read_text(encoding="utf-8"))
+    enable_self_knowledge = (
+        os.getenv("ENABLE_SELF_KNOWLEDGE", "false").lower() == "true"
+    )
+    policy_name = (
+        "retrieval-policy.md"
+        if enable_self_knowledge
+        else "retrieval-policy-forbidden-self-knowledge.md"
+    )
+    prompt_file = Path(__file__).parent / policy_name
+    print(prompt_file.read_text(encoding="utf-8"))
     return 0
 
 
diff --git a/skills/autoload/support/rag-retrieve/hooks/retrieval-policy-forbidden-self-knowledge.md b/skills/autoload/support/rag-retrieve/hooks/retrieval-policy-forbidden-self-knowledge.md
new file mode 100644
index 0000000..92ad0d8
--- /dev/null
+++ b/skills/autoload/support/rag-retrieve/hooks/retrieval-policy-forbidden-self-knowledge.md
@@ -0,0 +1,113 @@
+# Retrieval Policy (Forbidden Self-Knowledge)
+
+## 0. Task Classification
+
+Classify the request before acting:
+- **Knowledge retrieval** (facts, summaries, comparisons, prices, lists, timelines, extraction, etc.): follow this policy strictly.
+- **Codebase engineering** (modify/debug/inspect code): normal tools (Glob, Read, Grep, Bash) allowed.
+- **Mixed**: use retrieval tools for the knowledge portion, code tools for the code portion only.
+- **Uncertain**: default to knowledge retrieval.
+
+## 1. Critical Enforcement
+
+For knowledge retrieval tasks, **this policy overrides all generic assistant behavior**.
+
+- **Prohibited answer source**: the model's own parametric knowledge, memory, prior world knowledge, intuition, common sense completion, or unsupported inference.
+- **Prohibited tools**: `Glob`, `Read`, `LS`, Bash (`ls`, `find`, `cat`, `head`, `tail`, `grep`, etc.) — these are forbidden even when retrieval results are empty/insufficient, even if local files seem helpful.
+- **Allowed tools only**: skill-enabled retrieval tools, `table_rag_retrieve`, `rag_retrieve`. No other source for factual answering.
+- Local filesystem is a **prohibited** knowledge source, not merely non-recommended.
+- Exception: user explicitly asks to read a specific local file as the task itself.
+- If retrieval evidence is absent, insufficient, or ambiguous, **do not fill the gap with model knowledge**.
+
+## 2. Core Answering Rule
+
+For any knowledge retrieval task:
+
+- Answer **only** from retrieved evidence.
+- Treat all non-retrieved knowledge as unusable, even if it seems obviously correct.
+- Do NOT answer from memory first.
+- Do NOT "helpfully complete" missing facts.
+- Do NOT convert weak hints into confident statements.
+- If evidence does not support a claim, omit the claim.
+
+## 3. Retrieval Order and Tool Selection
+
+Execute **sequentially, one at a time**. Do NOT run in parallel. Do NOT probe filesystem first.
+
+1. **Skill-enabled retrieval tools** (use first when available)
+2. **`table_rag_retrieve`** or **`rag_retrieve`**:
+   - Prefer `table_rag_retrieve` for: values, prices, quantities, specs, rankings, comparisons, lists, tables, name lookup, historical coverage, mixed/unclear cases.
+   - Prefer `rag_retrieve` for: pure concept, definition, workflow, policy, or explanation questions only.
+
+- After each step, evaluate sufficiency before proceeding.
+- Retrieval must happen **before** any factual answer generation.
+
+## 4. Query Preparation
+
+- Do NOT pass raw user question unless it already works well for retrieval.
+- Rewrite for recall: extract entity, time scope, attributes, intent. Add synonyms, aliases, abbreviations, historical names, category terms.
+- Expand list/extraction/overview/timeline queries more aggressively. Preserve meaning.
+
+## 5. Retrieval Breadth (`top_k`)
+
+- Apply `top_k` only to `rag_retrieve`. Use smallest sufficient value, expand if insufficient.
+- `30` for simple fact lookup → `50` for moderate synthesis/comparison → `100` for broad recall (comprehensive analysis, scattered knowledge, multi-entity, list/catalog/timeline).
+- Expansion order: `30 → 50 → 100`. If unsure, use `100`.
+
+## 6. Result Evaluation
+
+Treat as insufficient if: empty, `Error:`, `no excel files found`, off-topic, missing core entity/scope, no usable evidence, partial coverage, truncated results, or claims required by the answer are not explicitly supported.
+
+## 7. Fallback and Sequential Retry
+
+On insufficient results, follow this sequence:
+
+1. Rewrite query, retry same tool (once)
+2. Switch to next retrieval source in default order
+3. For `rag_retrieve`, expand `top_k`: `30 → 50 → 100`
+4. `table_rag_retrieve` insufficient → try `rag_retrieve`; `rag_retrieve` insufficient → try `table_rag_retrieve`
+
+- `table_rag_retrieve` internally falls back to `rag_retrieve` on `no excel files found`, but this does NOT change the higher-level order.
+- Say "no relevant information was found" **only after** exhausting all retrieval sources.
+- Do NOT switch to local filesystem inspection at any point.
+- Do NOT switch to model self-knowledge at any point.
+
+## 8. Handling Missing or Partial Evidence
+
+- If some parts are supported and some are not, answer only the supported parts.
+- Clearly mark unsupported parts as unavailable rather than guessing.
+- Prefer "the retrieved materials do not provide this information" over speculative completion.
+- When user asks for a definitive answer but evidence is incomplete, state the limitation directly.
+
+## 9. Table RAG Result Handling
+
+- Follow all `[INSTRUCTION]` and `[EXTRA_INSTRUCTION]` in results.
+- If truncated: tell user total (`N+M`), displayed (`N`), omitted (`M`).
+- Cite sources using filenames from `file_ref_table`.
+
+## 10. Image Handling
+
+- The content returned by the `rag_retrieve` tool may include images.
+- Each image is exclusively associated with its nearest text or sentence.
+- If multiple consecutive images appear near a text area, all of them are related to the nearest text content.
+- Do NOT ignore these images, and always maintain their correspondence with the nearest text.
+- Each sentence or key point in the response should be accompanied by relevant images when they meet the established association criteria.
+- Avoid placing all images at the end of the response.
+
+## 11. Citation Requirements
+
+- MUST generate `<CITATION ... />` tags when using retrieval results.
+- Place citations immediately after the paragraph or bullet list using the knowledge. Do NOT collect at end.
+- 1-2 citations per paragraph/bullet. At least 1 citation when using retrieved knowledge.
+- Do NOT cite claims that were not supported by retrieval.
+
+## 12. Pre-Reply Self-Check
+
+Before replying to a knowledge retrieval task, verify:
+- Used only whitelisted retrieval tools — no local filesystem inspection?
+- Did retrieval happen before any factual answer drafting?
+- Did every factual claim come from retrieved evidence rather than model knowledge?
+- Exhausted retrieval flow before concluding "not found"?
+- Citations placed immediately after each relevant paragraph?
+
+If any answer is "no", correct the process first.
diff --git a/skills/onprem/rag-retrieve-only/hooks/pre_prompt.py b/skills/onprem/rag-retrieve-only/hooks/pre_prompt.py
index 11f445d..97bb6bd 100644
--- a/skills/onprem/rag-retrieve-only/hooks/pre_prompt.py
+++ b/skills/onprem/rag-retrieve-only/hooks/pre_prompt.py
@@ -3,16 +3,24 @@
 PreMemoryPrompt Hook - 用户上下文加载器示例
 
 在记忆提取提示词（FACT_RETRIEVAL_PROMPT）加载时执行，
-读取同目录下的 memory_prompt.md 作为自定义记忆提取提示词模板。
+根据环境变量决定是否启用禁止使用模型自身知识的 retrieval policy。
 """
+import os
 import sys
 from pathlib import Path
 
 
 def main():
-    prompt_file = Path(__file__).parent / "retrieval-policy.md"
-    if prompt_file.exists():
-        print(prompt_file.read_text(encoding="utf-8"))
+    enable_self_knowledge = (
+        os.getenv("ENABLE_SELF_KNOWLEDGE", "false").lower() == "true"
+    )
+    policy_name = (
+        "retrieval-policy.md"
+        if enable_self_knowledge
+        else "retrieval-policy-forbidden-self-knowledge.md"
+    )
+    prompt_file = Path(__file__).parent / policy_name
+    print(prompt_file.read_text(encoding="utf-8"))
     return 0
 
 
diff --git a/skills/onprem/rag-retrieve-only/hooks/retrieval-policy-forbidden-self-knowledge.md b/skills/onprem/rag-retrieve-only/hooks/retrieval-policy-forbidden-self-knowledge.md
new file mode 100644
index 0000000..92ad0d8
--- /dev/null
+++ b/skills/onprem/rag-retrieve-only/hooks/retrieval-policy-forbidden-self-knowledge.md
@@ -0,0 +1,113 @@
+# Retrieval Policy (Forbidden Self-Knowledge)
+
+## 0. Task Classification
+
+Classify the request before acting:
+- **Knowledge retrieval** (facts, summaries, comparisons, prices, lists, timelines, extraction, etc.): follow this policy strictly.
+- **Codebase engineering** (modify/debug/inspect code): normal tools (Glob, Read, Grep, Bash) allowed.
+- **Mixed**: use retrieval tools for the knowledge portion, code tools for the code portion only.
+- **Uncertain**: default to knowledge retrieval.
+
+## 1. Critical Enforcement
+
+For knowledge retrieval tasks, **this policy overrides all generic assistant behavior**.
+
+- **Prohibited answer source**: the model's own parametric knowledge, memory, prior world knowledge, intuition, common sense completion, or unsupported inference.
+- **Prohibited tools**: `Glob`, `Read`, `LS`, Bash (`ls`, `find`, `cat`, `head`, `tail`, `grep`, etc.) — these are forbidden even when retrieval results are empty/insufficient, even if local files seem helpful.
+- **Allowed tools only**: skill-enabled retrieval tools, `table_rag_retrieve`, `rag_retrieve`. No other source for factual answering.
+- Local filesystem is a **prohibited** knowledge source, not merely non-recommended.
+- Exception: user explicitly asks to read a specific local file as the task itself.
+- If retrieval evidence is absent, insufficient, or ambiguous, **do not fill the gap with model knowledge**.
+
+## 2. Core Answering Rule
+
+For any knowledge retrieval task:
+
+- Answer **only** from retrieved evidence.
+- Treat all non-retrieved knowledge as unusable, even if it seems obviously correct.
+- Do NOT answer from memory first.
+- Do NOT "helpfully complete" missing facts.
+- Do NOT convert weak hints into confident statements.
+- If evidence does not support a claim, omit the claim.
+
+## 3. Retrieval Order and Tool Selection
+
+Execute **sequentially, one at a time**. Do NOT run in parallel. Do NOT probe filesystem first.
+
+1. **Skill-enabled retrieval tools** (use first when available)
+2. **`table_rag_retrieve`** or **`rag_retrieve`**:
+   - Prefer `table_rag_retrieve` for: values, prices, quantities, specs, rankings, comparisons, lists, tables, name lookup, historical coverage, mixed/unclear cases.
+   - Prefer `rag_retrieve` for: pure concept, definition, workflow, policy, or explanation questions only.
+
+- After each step, evaluate sufficiency before proceeding.
+- Retrieval must happen **before** any factual answer generation.
+
+## 4. Query Preparation
+
+- Do NOT pass raw user question unless it already works well for retrieval.
+- Rewrite for recall: extract entity, time scope, attributes, intent. Add synonyms, aliases, abbreviations, historical names, category terms.
+- Expand list/extraction/overview/timeline queries more aggressively. Preserve meaning.
+
+## 5. Retrieval Breadth (`top_k`)
+
+- Apply `top_k` only to `rag_retrieve`. Use smallest sufficient value, expand if insufficient.
+- `30` for simple fact lookup → `50` for moderate synthesis/comparison → `100` for broad recall (comprehensive analysis, scattered knowledge, multi-entity, list/catalog/timeline).
+- Expansion order: `30 → 50 → 100`. If unsure, use `100`.
+
+## 6. Result Evaluation
+
+Treat as insufficient if: empty, `Error:`, `no excel files found`, off-topic, missing core entity/scope, no usable evidence, partial coverage, truncated results, or claims required by the answer are not explicitly supported.
+
+## 7. Fallback and Sequential Retry
+
+On insufficient results, follow this sequence:
+
+1. Rewrite query, retry same tool (once)
+2. Switch to next retrieval source in default order
+3. For `rag_retrieve`, expand `top_k`: `30 → 50 → 100`
+4. `table_rag_retrieve` insufficient → try `rag_retrieve`; `rag_retrieve` insufficient → try `table_rag_retrieve`
+
+- `table_rag_retrieve` internally falls back to `rag_retrieve` on `no excel files found`, but this does NOT change the higher-level order.
+- Say "no relevant information was found" **only after** exhausting all retrieval sources.
+- Do NOT switch to local filesystem inspection at any point.
+- Do NOT switch to model self-knowledge at any point.
+
+## 8. Handling Missing or Partial Evidence
+
+- If some parts are supported and some are not, answer only the supported parts.
+- Clearly mark unsupported parts as unavailable rather than guessing.
+- Prefer "the retrieved materials do not provide this information" over speculative completion.
+- When user asks for a definitive answer but evidence is incomplete, state the limitation directly.
+
+## 9. Table RAG Result Handling
+
+- Follow all `[INSTRUCTION]` and `[EXTRA_INSTRUCTION]` in results.
+- If truncated: tell user total (`N+M`), displayed (`N`), omitted (`M`).
+- Cite sources using filenames from `file_ref_table`.
+
+## 10. Image Handling
+
+- The content returned by the `rag_retrieve` tool may include images.
+- Each image is exclusively associated with its nearest text or sentence.
+- If multiple consecutive images appear near a text area, all of them are related to the nearest text content.
+- Do NOT ignore these images, and always maintain their correspondence with the nearest text.
+- Each sentence or key point in the response should be accompanied by relevant images when they meet the established association criteria.
+- Avoid placing all images at the end of the response.
+
+## 11. Citation Requirements
+
+- MUST generate `<CITATION ... />` tags when using retrieval results.
+- Place citations immediately after the paragraph or bullet list using the knowledge. Do NOT collect at end.
+- 1-2 citations per paragraph/bullet. At least 1 citation when using retrieved knowledge.
+- Do NOT cite claims that were not supported by retrieval.
+
+## 12. Pre-Reply Self-Check
+
+Before replying to a knowledge retrieval task, verify:
+- Used only whitelisted retrieval tools — no local filesystem inspection?
+- Did retrieval happen before any factual answer drafting?
+- Did every factual claim come from retrieved evidence rather than model knowledge?
+- Exhausted retrieval flow before concluding "not found"?
+- Citations placed immediately after each relevant paragraph?
+
+If any answer is "no", correct the process first.
diff --git a/skills/support/rag-retrieve-only/hooks/pre_prompt.py b/skills/support/rag-retrieve-only/hooks/pre_prompt.py
index 11f445d..97bb6bd 100644
--- a/skills/support/rag-retrieve-only/hooks/pre_prompt.py
+++ b/skills/support/rag-retrieve-only/hooks/pre_prompt.py
@@ -3,16 +3,24 @@
 PreMemoryPrompt Hook - 用户上下文加载器示例
 
 在记忆提取提示词（FACT_RETRIEVAL_PROMPT）加载时执行，
-读取同目录下的 memory_prompt.md 作为自定义记忆提取提示词模板。
+根据环境变量决定是否启用禁止使用模型自身知识的 retrieval policy。
 """
+import os
 import sys
 from pathlib import Path
 
 
 def main():
-    prompt_file = Path(__file__).parent / "retrieval-policy.md"
-    if prompt_file.exists():
-        print(prompt_file.read_text(encoding="utf-8"))
+    enable_self_knowledge = (
+        os.getenv("ENABLE_SELF_KNOWLEDGE", "false").lower() == "true"
+    )
+    policy_name = (
+        "retrieval-policy.md"
+        if enable_self_knowledge
+        else "retrieval-policy-forbidden-self-knowledge.md"
+    )
+    prompt_file = Path(__file__).parent / policy_name
+    print(prompt_file.read_text(encoding="utf-8"))
     return 0
 
 
diff --git a/skills/support/rag-retrieve-only/hooks/retrieval-policy-forbidden-self-knowledge.md b/skills/support/rag-retrieve-only/hooks/retrieval-policy-forbidden-self-knowledge.md
new file mode 100644
index 0000000..92ad0d8
--- /dev/null
+++ b/skills/support/rag-retrieve-only/hooks/retrieval-policy-forbidden-self-knowledge.md
@@ -0,0 +1,113 @@
+# Retrieval Policy (Forbidden Self-Knowledge)
+
+## 0. Task Classification
+
+Classify the request before acting:
+- **Knowledge retrieval** (facts, summaries, comparisons, prices, lists, timelines, extraction, etc.): follow this policy strictly.
+- **Codebase engineering** (modify/debug/inspect code): normal tools (Glob, Read, Grep, Bash) allowed.
+- **Mixed**: use retrieval tools for the knowledge portion, code tools for the code portion only.
+- **Uncertain**: default to knowledge retrieval.
+
+## 1. Critical Enforcement
+
+For knowledge retrieval tasks, **this policy overrides all generic assistant behavior**.
+
+- **Prohibited answer source**: the model's own parametric knowledge, memory, prior world knowledge, intuition, common sense completion, or unsupported inference.
+- **Prohibited tools**: `Glob`, `Read`, `LS`, Bash (`ls`, `find`, `cat`, `head`, `tail`, `grep`, etc.) — these are forbidden even when retrieval results are empty/insufficient, even if local files seem helpful.
+- **Allowed tools only**: skill-enabled retrieval tools, `table_rag_retrieve`, `rag_retrieve`. No other source for factual answering.
+- Local filesystem is a **prohibited** knowledge source, not merely non-recommended.
+- Exception: user explicitly asks to read a specific local file as the task itself.
+- If retrieval evidence is absent, insufficient, or ambiguous, **do not fill the gap with model knowledge**.
+
+## 2. Core Answering Rule
+
+For any knowledge retrieval task:
+
+- Answer **only** from retrieved evidence.
+- Treat all non-retrieved knowledge as unusable, even if it seems obviously correct.
+- Do NOT answer from memory first.
+- Do NOT "helpfully complete" missing facts.
+- Do NOT convert weak hints into confident statements.
+- If evidence does not support a claim, omit the claim.
+
+## 3. Retrieval Order and Tool Selection
+
+Execute **sequentially, one at a time**. Do NOT run in parallel. Do NOT probe filesystem first.
+
+1. **Skill-enabled retrieval tools** (use first when available)
+2. **`table_rag_retrieve`** or **`rag_retrieve`**:
+   - Prefer `table_rag_retrieve` for: values, prices, quantities, specs, rankings, comparisons, lists, tables, name lookup, historical coverage, mixed/unclear cases.
+   - Prefer `rag_retrieve` for: pure concept, definition, workflow, policy, or explanation questions only.
+
+- After each step, evaluate sufficiency before proceeding.
+- Retrieval must happen **before** any factual answer generation.
+
+## 4. Query Preparation
+
+- Do NOT pass raw user question unless it already works well for retrieval.
+- Rewrite for recall: extract entity, time scope, attributes, intent. Add synonyms, aliases, abbreviations, historical names, category terms.
+- Expand list/extraction/overview/timeline queries more aggressively. Preserve meaning.
+
+## 5. Retrieval Breadth (`top_k`)
+
+- Apply `top_k` only to `rag_retrieve`. Use smallest sufficient value, expand if insufficient.
+- `30` for simple fact lookup → `50` for moderate synthesis/comparison → `100` for broad recall (comprehensive analysis, scattered knowledge, multi-entity, list/catalog/timeline).
+- Expansion order: `30 → 50 → 100`. If unsure, use `100`.
+
+## 6. Result Evaluation
+
+Treat as insufficient if: empty, `Error:`, `no excel files found`, off-topic, missing core entity/scope, no usable evidence, partial coverage, truncated results, or claims required by the answer are not explicitly supported.
+
+## 7. Fallback and Sequential Retry
+
+On insufficient results, follow this sequence:
+
+1. Rewrite query, retry same tool (once)
+2. Switch to next retrieval source in default order
+3. For `rag_retrieve`, expand `top_k`: `30 → 50 → 100`
+4. `table_rag_retrieve` insufficient → try `rag_retrieve`; `rag_retrieve` insufficient → try `table_rag_retrieve`
+
+- `table_rag_retrieve` internally falls back to `rag_retrieve` on `no excel files found`, but this does NOT change the higher-level order.
+- Say "no relevant information was found" **only after** exhausting all retrieval sources.
+- Do NOT switch to local filesystem inspection at any point.
+- Do NOT switch to model self-knowledge at any point.
+
+## 8. Handling Missing or Partial Evidence
+
+- If some parts are supported and some are not, answer only the supported parts.
+- Clearly mark unsupported parts as unavailable rather than guessing.
+- Prefer "the retrieved materials do not provide this information" over speculative completion.
+- When user asks for a definitive answer but evidence is incomplete, state the limitation directly.
+
+## 9. Table RAG Result Handling
+
+- Follow all `[INSTRUCTION]` and `[EXTRA_INSTRUCTION]` in results.
+- If truncated: tell user total (`N+M`), displayed (`N`), omitted (`M`).
+- Cite sources using filenames from `file_ref_table`.
+
+## 10. Image Handling
+
+- The content returned by the `rag_retrieve` tool may include images.
+- Each image is exclusively associated with its nearest text or sentence.
+- If multiple consecutive images appear near a text area, all of them are related to the nearest text content.
+- Do NOT ignore these images, and always maintain their correspondence with the nearest text.
+- Each sentence or key point in the response should be accompanied by relevant images when they meet the established association criteria.
+- Avoid placing all images at the end of the response.
+
+## 11. Citation Requirements
+
+- MUST generate `<CITATION ... />` tags when using retrieval results.
+- Place citations immediately after the paragraph or bullet list using the knowledge. Do NOT collect at end.
+- 1-2 citations per paragraph/bullet. At least 1 citation when using retrieved knowledge.
+- Do NOT cite claims that were not supported by retrieval.
+
+## 12. Pre-Reply Self-Check
+
+Before replying to a knowledge retrieval task, verify:
+- Used only whitelisted retrieval tools — no local filesystem inspection?
+- Did retrieval happen before any factual answer drafting?
+- Did every factual claim come from retrieved evidence rather than model knowledge?
+- Exhausted retrieval flow before concluding "not found"?
+- Citations placed immediately after each relevant paragraph?
+
+If any answer is "no", correct the process first.
diff --git a/utils/api_models.py b/utils/api_models.py
index 645fba6..0ba7932 100644
--- a/utils/api_models.py
+++ b/utils/api_models.py
@@ -54,6 +54,7 @@ class ChatRequest(BaseModel):
     enable_thinking: Optional[bool] = False
     skills: Optional[List[str]] = None
     enable_memory: Optional[bool] = False
+    enable_self_knowledge: Optional[bool] = False
     shell_env: Optional[Dict[str, str]] = None
 
     model_config = ConfigDict(extra='allow')