Related to #99 because the screenshot below is from the same repo and setup.
branbaratheon/ai-student-assistant#8 (review)
A comment left by the GitHub App named devfest-demo, which is powered by the Gemini CLI security extension GitHub Action, has a formatting bug. The `<` and `>` tags don't get displayed correctly in review comments.
<SUMMARY>
## 📋 Review Summary
This pull request correctly fixes a critical XSS vulnerability in the chat interface by replacing `innerHTML` with `textContent`. The change is effective and follows security best practices for rendering user-provided content.
## 🔍 General Feedback
While the primary goal of this PR is achieved, a review of the related backend code in `main.py` revealed several critical security vulnerabilities that should be addressed immediately:
- **Prompt Injection:** The user-provided message is directly concatenated into the prompt sent to the language model. This creates a prompt injection vulnerability, where a malicious user could override the system prompt and manipulate the model's behavior. All user input should be properly sanitized or handled in a way that prevents it from being interpreted as instructions.
- **Sensitive Data Exposure:** The entire content of `database.py`, including student grades, is sent to the language model as part of the prompt. While the system prompt instructs the model not to reveal grades, this is not a reliable security control. The model could still be tricked into revealing this confidential data through prompt injection. Sensitive data should not be included in prompts. Instead, the backend should query the database for specific information and only provide the necessary, non-sensitive data to the model.
</SUMMARY>