# AI Prompt Injection

- ID: python-prompt-injection
- Severity: HIGH
- CWE: Injection (CWE-74)
- Languages: Python
- Frameworks: flask, django, fastapi

## Description

Detects untrusted user input flowing directly into AI/LLM prompts without
sanitization.

## Detection Message

User input from {source} flows to AI prompt at {sink} without sanitization.
Attackers can inject malicious prompts to manipulate AI behavior.

## Remediation

Use system prompts and sanitize user input before including in prompts.

```python
messages=[
    {'role': 'system', 'content': 'You are a helpful assistant.'},
    {'role': 'user', 'content': sanitized_input}
]
```

Learn more: https://shoulder.dev/learn/python/cwe-74/prompt-injection

## Documentation

[object Object]

## Related Rules

- **AI Prompt Injection** [HIGH]: 
- **Prompt Injection via Untrusted Input** [HIGH]: