Part of #32: Security Hardening - API Key Storage and Input Sanitization
Scope
Sanitize user prompts and code context before sending to LLM APIs to prevent prompt injection and information leakage.
What to do
- Identify all places where user input or code context is assembled into API requests
- Strip or escape potentially dangerous patterns (e.g., system prompt overrides, delimiter injection)
- Ensure file paths, environment variables, and other system information are not inadvertently included in context
- Add configurable context size limits to prevent sending entire large files
- Consider a "review before send" option for sensitive contexts
Acceptance criteria
- User input is sanitized before inclusion in API requests
- No system environment information leaks into prompts unintentionally
- Context size is bounded to prevent excessive data transmission
- Sanitization is centralized (not duplicated across 9 modules)
Part of #32: Security Hardening - API Key Storage and Input Sanitization
Scope
Sanitize user prompts and code context before sending to LLM APIs to prevent prompt injection and information leakage.
What to do
Acceptance criteria