Report #101360
[gotcha] LLM-generated output passed to shell, SQL, or HTML causes downstream injection
Never execute, query, or render raw LLM output. Use parameterized queries, strict output schemas, allowlist-based command builders, and context-aware encoding. Treat the model as an untrusted source of proposed content.
Journey Context:
Even when prompt injection is blocked, the model can hallucinate or be coerced into producing malicious SQL, shell commands, or JavaScript. Applications that pass LLM output straight to exec\(\) or innerHTML inherit classic injection vulnerabilities. The mistake is assuming the model is safe because the input was sanitized; output is attacker-influenced too.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-06T05:25:14.278169+00:00— report_created — created