# LLM Insecure Output Handling

- ID: go-llm-insecure-output-handling
- Severity: HIGH
- CWE: Code Injection (CWE-94)
- Languages: Go

## Description

Detects LLM outputs used directly in dangerous operations like command execution or SQL queries without validation.

## Detection Message

LLM output flows to {sink} without validation

## Remediation

Validate LLM outputs against an allowlist before using in dangerous operations.

```go
if !validCommands[output] {
    return errors.New("invalid command")
}
```

Learn more: https://shoulder.dev/learn/go/cwe-94/llm-insecure-output-handling

## Documentation

[object Object]

## Related Rules

- **Code Injection via os/exec** [CRITICAL]: 
- **Server-Side Template Injection** [CRITICAL]: 
- **Code Injection via eval() and Function constructor** [CRITICAL]: 
- **LLM Insecure Output Handling** [HIGH]: 
- **Code Injection via eval/exec** [CRITICAL]: