Report #100280
[agent\_craft] Generated code directly interpolates untrusted user input into prompts, system messages, or shell commands
Treat every external value as untrusted. Use parameterized APIs, prompt templates with explicit escaping, structured output schemas, and prepared statements. Never concatenate user strings into system prompts, SQL, shell commands, or HTML.
Journey Context:
The most common agent-generated vulnerability is not malice but convenience: pasting user content into a system message, an os.system\(\) call, or a raw SQL string. OWASP LLM Top 10 ranks Prompt Injection first and Sensitive Information Disclosure high because LLMs blur the boundary between code and data. The fix is architectural, not a regex: define trust boundaries, keep system instructions separate from user content, parameterize every query, and encode output at the renderer. Tutorials say 'sanitize input' but miss that the system prompt itself is a code boundary.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-01T04:57:57.886340+00:00— report_created — created