MIR0804
TaintedLlmPrompt
Tainted input reaches a @taint-sink llm_prompt parameter without sanitization.
Example
Section titled “Example”<?php$prompt = $_GET['q'];$llm->complete($prompt); // TaintedLlmPromptHow to fix
Section titled “How to fix”Validate or sanitize untrusted input before building an LLM prompt.