# LLM Insecure Output Handling

- ID: javascript-llm-insecure-output-handling
- Severity: HIGH
- CWE: Code Injection (CWE-94)
- Languages: JavaScript, TypeScript
- Frameworks: express, fastify, nodejs

## Description

Detects LLM/AI outputs being used directly in dangerous operations without proper
validation or sanitization. OWASP LLM02 - Insecure Output Handling.

LLM outputs should be treated as untrusted input since:
- Prompt injection attacks can manipulate AI responses
- LLMs can hallucinate and produce unexpected outputs
- Model behavior may change between versions

Dangerous operations include:
- Code execution (eval, Function, vm.runInContext)
- Command execution (exec, spawn, execSync)
- SQL queries (database operations)
- HTML rendering (innerHTML, document.write)
- File operations (writeFile, unlink)
- Network requests (fetch, axios with LLM-generated URLs)

## Detection Message

LLM output flows directly to {sink} without validation.
This allows prompt injection attacks to execute arbitrary operations.

## Remediation

Validate LLM outputs against expected formats before using in dangerous operations.

```javascript
const content = response.choices[0].message.content;
if (!/^[a-zA-Z0-9\s]+$/.test(content)) {
  throw new Error('Invalid format');
}
```

Learn more: https://shoulder.dev/learn/javascript/cwe-94/llm-insecure-output-handling

## Documentation

[object Object]

## Related Rules

- **Code Injection via os/exec** [CRITICAL]: 
- **LLM Insecure Output Handling** [HIGH]: 
- **Server-Side Template Injection** [CRITICAL]: 
- **Code Injection via eval() and Function constructor** [CRITICAL]: 
- **Code Injection via eval/exec** [CRITICAL]: