Lack of input validation for prompt #247

Open
ka1hatsu opened this issue Jan 28, 2025 · 1 comment
ka1hatsu commented Jan 28, 2025

Lack of Input Validation for prompt

https://github.com/sendaifun/solana-agent-kit/blob/main/src/tools/agent/get_info.ts

Issue: The prompt parameter is directly used in the messages array without any validation. This could lead to potential misuse or injection attacks if the input comes from an untrusted source.

Example Vulnerability: If a user injects malicious instructions into the prompt, the model could return unintended outputs (e.g. instructions for harmful actions).

Mitigation: Sanitize and validate the prompt input.

For example:

```ts
if (typeof prompt !== "string" || prompt.length > 1000) {
  throw new Error("Invalid prompt input");
}
```

@michaelessiet
Collaborator

Hey @ka1hatsu, how do you recommend we implement sanitization?
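
One way to approach the question above, as an added example that is not code from solana-agent-kit or from either commenter: validate the prompt's type, strip hidden characters, enforce the 1000-character bound from the issue, and place the result only in the user message. The names `validatePrompt`, `buildMessages`, `PromptValidationError`, `HIDDEN_CHARS` and `MAX_PROMPT_CHARS` are hypothetical, and the check limits what reaches the model rather than guaranteeing how the model responds.

```typescript
// Added example; every name here is hypothetical, not part of solana-agent-kit.

const MAX_PROMPT_CHARS = 1000; // same bound as the check proposed in the issue

type ChatMessage = { role: "system" | "user"; content: string };

class PromptValidationError extends Error {}

// Control characters (except tab, LF, CR) plus zero-width and bidi-control
// code points, which can hide text from a human reviewing the prompt.
const HIDDEN_CHARS =
  /[\u0000-\u0008\u000B\u000C\u000E-\u001F\u007F-\u009F\u200B-\u200F\u202A-\u202E\u2060-\u2069\uFEFF]/g;

// Accepts any value and returns a cleaned string, or throws.
function validatePrompt(input: unknown): string {
  if (typeof input !== "string") {
    throw new PromptValidationError("prompt must be a string");
  }
  // Clean first so the length check applies to the text the model receives.
  const cleaned = input.replace(HIDDEN_CHARS, "").trim();
  if (cleaned.length === 0) {
    throw new PromptValidationError("prompt is empty");
  }
  // .length counts UTF-16 code units, matching the check in the issue.
  if (cleaned.length > MAX_PROMPT_CHARS) {
    throw new PromptValidationError("prompt is too long");
  }
  return cleaned;
}

// The system message is a fixed string chosen by the developer. Untrusted
// text is never concatenated into it; it only appears as the user message.
function buildMessages(systemText: string, rawPrompt: unknown): ChatMessage[] {
  return [
    { role: "system", content: systemText },
    { role: "user", content: validatePrompt(rawPrompt) },
  ];
}
```
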
