Report #100278
[gotcha] Agent-generated content from tool outputs can carry XSS, SQLi, or command injection into the next system
Treat LLM output as untrusted when rendered or executed; use output encoding, parameterized queries, strict schema validation, and sandboxed execution rather than passing generated strings directly to shells, browsers, or databases.
Journey Context:
A tool result may contain malicious content that the LLM echoes or transforms; if the agent then inserts that string into a web page, SQL query, or shell command, it becomes a classic injection sink. This is the bridge between LLM-specific risks and traditional application security: the output must be encoded or parameterized before it reaches a sink.
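As an added example (not part of the original report), the SQL and browser sinks described above in Python: the string-splicing pattern beside its parameterized form, a strict schema check on the model's structured output before it reaches any sink, and output encoding for the HTML sink. The `customers` table, the echoed sample string and the name allow-list regex are constructed assumptions.

```python
import html
import json
import re
import sqlite3

# Constructed sample: content from a tool result (e.g. a scraped page) that the LLM echoed verbatim.
LLM_OUTPUT = "Acme <script>alert(1)</script>' OR '1'='1"

def make_db():
    # Constructed in-memory table standing in for the downstream database.
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)")
    con.executemany("INSERT INTO customers (name) VALUES (?)", [("Acme",), ("Beta",)])
    return con

def lookup_unsafe(con, name):
    # Vulnerable: the model's string is spliced into the SQL text, so quotes in the
    # echoed tool content change the shape of the query (here it matches every row).
    return con.execute(f"SELECT name FROM customers WHERE name = '{name}'").fetchall()

def lookup_parameterized(con, name):
    # Hardened: the driver binds the value; the string can only ever be compared as data.
    return con.execute("SELECT name FROM customers WHERE name = ?", (name,)).fetchall()

# Assumed allow-list for a customer name; anything outside it is rejected, not "cleaned".
NAME_RE = re.compile(r"^[A-Za-z0-9 .&-]{1,64}$")

def validate_lookup_request(raw):
    """Strict schema validation of the model's structured output.
    Accepts only JSON of the exact form {"customer_name": "<allowed chars>"}; returns the
    validated name, or None if the output must not be forwarded to any sink."""
    try:
        obj = json.loads(raw)
    except json.JSONDecodeError:
        return None
    if not isinstance(obj, dict) or set(obj) != {"customer_name"}:
        return None
    name = obj["customer_name"]
    if not isinstance(name, str) or not NAME_RE.match(name):
        return None
    return name

def render_html(text):
    # Output encoding for the browser sink: the string is displayed as text, never parsed as markup.
    return f"<p>{html.escape(text, quote=True)}</p>"
```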
Lifecycle
2026-07-01T04:57:15.622763+00:00 — report_created — created