Skip to content

Add input sanitization for prompts and context sent to LLMs #92

Description

@sfloess

Part of #32: Security Hardening - API Key Storage and Input Sanitization

Scope

Sanitize user prompts and code context before sending to LLM APIs to prevent prompt injection and information leakage.

What to do

  • Identify all places where user input or code context is assembled into API requests
  • Strip or escape potentially dangerous patterns (e.g., system prompt overrides, delimiter injection)
  • Ensure file paths, environment variables, and other system information are not inadvertently included in context
  • Add configurable context size limits to prevent sending entire large files
  • Consider a "review before send" option for sensitive contexts

Acceptance criteria

  • User input is sanitized before inclusion in API requests
  • No system environment information leaks into prompts unintentionally
  • Context size is bounded to prevent excessive data transmission
  • Sanitization is centralized (not duplicated across 9 modules)

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions