io.github.MUSE-CODE-SPACE/content-genie
AI Content Creation Assistant for Korean creators - Trend analysis & SEO
0Tools
31Findings
0Stars
Mar 24, 2026Last Scanned
3 critical · 26 high · 1 medium · 1 low findings detected
Security Category Deep Dive
Prompt Injection
Prompt & context manipulation attacks
69
Maturity
14
Rules
5
Sub-Categories
1
Gaps
64%
Implemented
56
Tests
1
Stories
Findings18
18 high
highJ5Tool Output Poisoning PatternsMCP01-prompt-injectionAML.T0054
[AST — J5] Catch block at L451 interpolates error variable "error" into response. If the error originates from attacker-controlled input (e.g., malformed data), the error message becomes an injection vector into the AI's context.
Never include user input or LLM manipulation directives in error messages or tool responses. Use structured error codes.
highJ5Tool Output Poisoning PatternsMCP01-prompt-injectionAML.T0054
[AST — J5] Catch block at L482 interpolates error variable "error" into response. If the error originates from attacker-controlled input (e.g., malformed data), the error message becomes an injection vector into the AI's context.
Never include user input or LLM manipulation directives in error messages or tool responses. Use structured error codes.
highJ5Tool Output Poisoning PatternsMCP01-prompt-injectionAML.T0054
[AST — J5] Catch block at L510 interpolates error variable "error" into response. If the error originates from attacker-controlled input (e.g., malformed data), the error message becomes an injection vector into the AI's context.
Never include user input or LLM manipulation directives in error messages or tool responses. Use structured error codes.
highJ5Tool Output Poisoning PatternsMCP01-prompt-injectionAML.T0054
[AST — J5] Catch block at L540 interpolates error variable "error" into response. If the error originates from attacker-controlled input (e.g., malformed data), the error message becomes an injection vector into the AI's context.
Never include user input or LLM manipulation directives in error messages or tool responses. Use structured error codes.
highJ5Tool Output Poisoning PatternsMCP01-prompt-injectionAML.T0054
[AST — J5] Catch block at L568 interpolates error variable "error" into response. If the error originates from attacker-controlled input (e.g., malformed data), the error message becomes an injection vector into the AI's context.
Never include user input or LLM manipulation directives in error messages or tool responses. Use structured error codes.
highJ5Tool Output Poisoning PatternsMCP01-prompt-injectionAML.T0054
[AST — J5] Catch block at L598 interpolates error variable "error" into response. If the error originates from attacker-controlled input (e.g., malformed data), the error message becomes an injection vector into the AI's context.
Never include user input or LLM manipulation directives in error messages or tool responses. Use structured error codes.
highJ5Tool Output Poisoning PatternsMCP01-prompt-injectionAML.T0054
[AST — J5] Catch block at L626 interpolates error variable "error" into response. If the error originates from attacker-controlled input (e.g., malformed data), the error message becomes an injection vector into the AI's context.
Never include user input or LLM manipulation directives in error messages or tool responses. Use structured error codes.
highJ5Tool Output Poisoning PatternsMCP01-prompt-injectionAML.T0054
[AST — J5] Catch block at L654 interpolates error variable "error" into response. If the error originates from attacker-controlled input (e.g., malformed data), the error message becomes an injection vector into the AI's context.
Never include user input or LLM manipulation directives in error messages or tool responses. Use structured error codes.
highJ5Tool Output Poisoning PatternsMCP01-prompt-injectionAML.T0054
[AST — J5] Catch block at L681 interpolates error variable "error" into response. If the error originates from attacker-controlled input (e.g., malformed data), the error message becomes an injection vector into the AI's context.
Never include user input or LLM manipulation directives in error messages or tool responses. Use structured error codes.
highJ5Tool Output Poisoning PatternsMCP01-prompt-injectionAML.T0054
[AST — J5] Catch block at L2988 interpolates error variable "error" into response. If the error originates from attacker-controlled input (e.g., malformed data), the error message becomes an injection vector into the AI's context.
Never include user input or LLM manipulation directives in error messages or tool responses. Use structured error codes.
highJ5Tool Output Poisoning PatternsMCP01-prompt-injectionAML.T0054
[AST — J5] Catch block at L3915 interpolates error variable "error" into response. If the error originates from attacker-controlled input (e.g., malformed data), the error message becomes an injection vector into the AI's context.
Never include user input or LLM manipulation directives in error messages or tool responses. Use structured error codes.
highJ5Tool Output Poisoning PatternsMCP01-prompt-injectionAML.T0054
[AST — J5] Catch block at L3944 interpolates error variable "error" into response. If the error originates from attacker-controlled input (e.g., malformed data), the error message becomes an injection vector into the AI's context.
Never include user input or LLM manipulation directives in error messages or tool responses. Use structured error codes.
highJ5Tool Output Poisoning PatternsMCP01-prompt-injectionAML.T0054
[AST — J5] Catch block at L391 interpolates error variable "error" into response. If the error originates from attacker-controlled input (e.g., malformed data), the error message becomes an injection vector into the AI's context.
Never include user input or LLM manipulation directives in error messages or tool responses. Use structured error codes.
highJ5Tool Output Poisoning PatternsMCP01-prompt-injectionAML.T0054
[AST — J5] Catch block at L3999 interpolates error variable "error" into response. If the error originates from attacker-controlled input (e.g., malformed data), the error message becomes an injection vector into the AI's context.
Never include user input or LLM manipulation directives in error messages or tool responses. Use structured error codes.
highJ5Tool Output Poisoning PatternsMCP01-prompt-injectionAML.T0054
[AST — J5] Catch block at L4029 interpolates error variable "error" into response. If the error originates from attacker-controlled input (e.g., malformed data), the error message becomes an injection vector into the AI's context.
Never include user input or LLM manipulation directives in error messages or tool responses. Use structured error codes.
highJ5Tool Output Poisoning PatternsMCP01-prompt-injectionAML.T0054
[AST — J5] Catch block at L3971 interpolates error variable "error" into response. If the error originates from attacker-controlled input (e.g., malformed data), the error message becomes an injection vector into the AI's context.
Never include user input or LLM manipulation directives in error messages or tool responses. Use structured error codes.
highJ5Tool Output Poisoning PatternsMCP01-prompt-injectionAML.T0054
[AST — J5] Catch block at L336 interpolates error variable "error" into response. If the error originates from attacker-controlled input (e.g., malformed data), the error message becomes an injection vector into the AI's context.
Never include user input or LLM manipulation directives in error messages or tool responses. Use structured error codes.
highJ5Tool Output Poisoning PatternsMCP01-prompt-injectionAML.T0054
[AST — J5] Catch block at L421 interpolates error variable "error" into response. If the error originates from attacker-controlled input (e.g., malformed data), the error message becomes an injection vector into the AI's context.
Never include user input or LLM manipulation directives in error messages or tool responses. Use structured error codes.
100%3 rules
Injection via tool descriptions and parameter fields
GAP-001Prompt Injection Coverage GapMissing detection coverage for emerging prompt injection attack variants not addressed by current rules
100%4 rules
Hidden instructions via external content and tool responses
100%2 rules
Context window saturation and prior-approval exploitation
100%3 rules
Payload hiding via invisible chars, base64, schema fields
50%2 rules1 found
Injection via prompt templates and runtime tool output