Constraint-Guided LLM Reasoning for Causal Risk Propagation in Cyber-Physical Industrial Systems
Abstract
Cyber-physical industrial systems integrate physical equipment, embedded control, operational software, business workflows, and human decision making. When cyberattacks disturb this integration, risk rarely remains inside a single device or a single control loop. It moves across process variables, unsafe control actions, task failures, alarms, operator responses, and production objectives. Large language models offer a promising way to accelerate causal risk analysis because they can convert heterogeneous engineering descriptions into structured candidate scenarios. However, unconstrained generation may also create unsupported nodes, illegal causal jumps, ambiguous terminology, and outputs that cannot be mapped into quantitative risk models. This paper develops a constraint-guided LLM reasoning framework for causal risk propagation in cyber-physical industrial systems. The framework combines five constraint families: structural consistency, task-topology validity, semantic typing, evidence traceability, and computable output formatting. These constraints guide the model from system knowledge and attack evidence toward auditable causal chains and Bayesian-network-ready tables. A synthetic benchmark involving 24 cyber-physical risk scenarios across four industrial settings is used to evaluate the framework. The results show that constraint-guided reasoning improves causal validity from 0.58 to 0.82 compared with unconstrained prompting, increases Bayesian-network capability from 0.43 to 0.76, and reduces hallucinated or unsupported causal items by more than half. Adding retrieval support and review calibration further improves causal validity to 0.92. The study contributes an actionable design for integrating LLM reasoning into industrial safety analytics without treating generated text as authoritative evidence. 
It also provides implementation guidance for AI-assisted STPA, FMEA, process-risk modeling, and risk-informed decision support in industrial cyber-physical environments.
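As an added illustration (not code from the paper), the sketch below shows how the five constraint families named in the abstract could act as a filter on LLM-proposed causal edges before they reach a Bayesian-network table. The node ids, type names, allowed transitions, evidence ids and edge schema are all hypothetical assumptions chosen for the example.

```python
# Added sketch: every id, type and rule here is an assumption, not the paper's schema.
from math import isclose

# Constructed system model: node id -> semantic type.
NODES = {"A1": "attack", "V1": "process_variable", "U1": "unsafe_control_action",
         "T1": "task_failure", "O1": "production_objective"}
# Assumed legal type-to-type transitions (semantic typing).
ALLOWED = {("attack", "process_variable"), ("process_variable", "unsafe_control_action"),
           ("unsafe_control_action", "task_failure"), ("task_failure", "production_objective")}
# Assumed task topology: node pairs that are actually connected in the plant model.
TOPOLOGY = {("A1", "V1"), ("V1", "U1"), ("U1", "T1"), ("T1", "O1")}
EVIDENCE = {"E1", "E2", "E3"}  # constructed evidence ids the model is allowed to cite


def check_edge(edge):
    """Return the constraint families that a candidate causal edge violates."""
    src, dst = edge.get("src"), edge.get("dst")
    if src not in NODES or dst not in NODES:
        return ["structural"]  # unsupported node: the other checks are undefined
    bad = []
    if (src, dst) not in TOPOLOGY:
        bad.append("topology")
    if (NODES[src], NODES[dst]) not in ALLOWED:
        bad.append("semantic")
    cited = edge.get("evidence", [])
    if not cited or not set(cited) <= EVIDENCE:
        bad.append("evidence")
    cpt = edge.get("cpt", {})  # P(dst state | src occurred); must be a distribution
    ok = bool(cpt) and all(isinstance(p, (int, float)) and 0 <= p <= 1 for p in cpt.values())
    if not ok or not isclose(sum(cpt.values()), 1.0, abs_tol=1e-6):
        bad.append("computable")
    return bad


def filter_chain(candidates):
    """Split proposed edges into accepted edges and (edge, reasons) rejections."""
    checked = [(e, check_edge(e)) for e in candidates]
    return [e for e, r in checked if not r], [(e, r) for e, r in checked if r]


# Constructed model output: one valid edge, then an illegal causal jump,
# an unsupported node, and an edge with no evidence and a non-normalised table.
CANDIDATES = [
    {"src": "A1", "dst": "V1", "evidence": ["E1"], "cpt": {"true": 0.7, "false": 0.3}},
    {"src": "A1", "dst": "O1", "evidence": ["E2"], "cpt": {"true": 0.9, "false": 0.1}},
    {"src": "V1", "dst": "X9", "evidence": ["E1"], "cpt": {"true": 0.5, "false": 0.5}},
    {"src": "V1", "dst": "U1", "evidence": [], "cpt": {"true": 0.6, "false": 0.6}},
]
```

Rejected edges keep their reasons, so a reviewer can see which constraint family blocked each item rather than receiving a silently shortened chain.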
