# LLM Insecure Plugin Design

- ID: go-llm-insecure-plugin
- Severity: HIGH
- CWE: Improper Access Control (CWE-284)
- Languages: Go

## Description

Detects insecure plugin/function calling implementations in AI/LLM systems without proper validation.

## Detection Message

Insecure plugin implementation: {issue_type}

## Remediation

Validate tool inputs against strict schemas and use an allowlist for permitted tools.

```go
if _, ok := toolRegistry[toolCall.Name]; !ok {
    return errors.New("unknown tool")
}
```

Learn more: https://shoulder.dev/learn/go/cwe-284/llm-insecure-plugin

## Documentation

[object Object]

## Related Rules

- **LLM Insecure Plugin Design** [HIGH]: 
- **Missing Network Policy** [MEDIUM]: 
- **LLM Insecure Plugin Design** [HIGH]: