# Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74) The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. - Prevalence: High Frequently exploited - Impact: High 3 high-severity rules - Prevention: Documented 3 fix examples **OWASP:** Injection (A03:2021-Injection) - #3 ## Description Software has certain assumptions about what constitutes data and control. Injection problems occur when these assumptions are violated. Attackers exploit this by inserting special characters or instructions that modify the intended interpretation. ## Prevention Prevention strategies for Injection based on 3 Shoulder detection rules. ### Go Use structured prompts with clear system/user boundaries and sanitize user input ### Node.js Use system prompts with strict boundaries, sanitize and limit user input before including in AI prompts ### Python Use system prompts, input sanitization, and length limits for user input to AI models ## Warning Signs - [HIGH] User input flows to ... without sanitization - [HIGH] user input flowing to LLM prompts without sanitization - [HIGH] user input flowing directly into AI/LLM prompts without sanitization - [HIGH] untrusted user input flowing directly into AI/LLM prompts without sanitization ## Consequences - Execute Unauthorized Code - Read Application Data - Modify Application Data - Bypass Protection Mechanism ## Mitigations - Use parameterized interfaces that separate code from data - Validate and encode all input before use in downstream components - Use allowlists for input validation where possible ## Detection - Total rules: 3 - Languages: go, javascript, typescript, python ## Rules by Language ### Go (1 rules) - **AI Prompt Injection** [HIGH]: Detects user input flowing to LLM prompts without sanitization. - Remediation: Sanitize user input and use structured prompts with clear system/user boundaries. ```go sanitized := sanitize(userInput) messages := []openai.ChatCompletionMessage{ {Role: "system", Content: systemPrompt}, {Role: "user", Content: sanitized}, } ``` Learn more: https://shoulder.dev/learn/go/cwe-74/prompt-injection ### Javascript (1 rules) - **Prompt Injection via Untrusted Input** [HIGH]: Detects user input flowing directly into AI/LLM prompts without sanitization. - Remediation: Use system prompts and sanitize user input with length limits before including in prompts. ```javascript const sanitized = userInput.substring(0, 500); const messages = [ { role: 'system', content: 'Answer only about products.' }, { role: 'user', content: sanitized } ]; ``` Learn more: https://shoulder.dev/learn/javascript/cwe-74/prompt-injection ### Typescript (1 rules) - **Prompt Injection via Untrusted Input** [HIGH]: Detects user input flowing directly into AI/LLM prompts without sanitization. - Remediation: Use system prompts and sanitize user input with length limits before including in prompts. ```javascript const sanitized = userInput.substring(0, 500); const messages = [ { role: 'system', content: 'Answer only about products.' }, { role: 'user', content: sanitized } ]; ``` Learn more: https://shoulder.dev/learn/javascript/cwe-74/prompt-injection ### Python (1 rules) - **AI Prompt Injection** [HIGH]: Detects untrusted user input flowing directly into AI/LLM prompts without sanitization. - Remediation: Use system prompts and sanitize user input before including in prompts. ```python messages=[ {'role': 'system', 'content': 'You are a helpful assistant.'}, {'role': 'user', 'content': sanitized_input} ] ``` Learn more: https://shoulder.dev/learn/python/cwe-74/prompt-injection