From c444f41a3f00f19e7d591eef2b9692cae65c8369 Mon Sep 17 00:00:00 2001
From: Sotiris Dragonas <36576941+BazookaMusic@users.noreply.github.com>
Date: Wed, 17 Jun 2026 14:53:48 +0300
Subject: [PATCH] 1. Enable inline expectations for tests 2. Add annotations
 for sources 2. Fix a modelling issue in the openai library - missing coverage
 for a legacy method when moving to MaDs and a mistake in the
 assistants.create models

---
 javascript/ql/lib/ext/openai.model.yml        |   4 +-
 .../SystemPromptInjection.expected            | 148 ++++++++++--------
 .../SystemPromptInjection.qlref               |   3 +-
 .../SystemPromptInjection/agents_test.js      |   6 +-
 .../SystemPromptInjection/anthropic_test.js   |   6 +-
 .../SystemPromptInjection/gemini_test.js      |  12 +-
 .../SystemPromptInjection/langchain_test.js   |   2 +-
 .../SystemPromptInjection/openai_test.js      |  30 +---
 .../SystemPromptInjection/openrouter_test.js  |   4 +-
 .../UserPromptInjection.expected              | 100 ++++++------
 .../UserPromptInjection.qlref                 |   3 +-
 .../anthropic_user_test.js                    |   2 +-
 .../UserPromptInjection/gemini_user_test.js   |   2 +-
 .../langchain_user_test.js                    |   2 +-
 .../UserPromptInjection/openai_user_test.js   |   2 +-
 .../openrouter_user_test.js                   |   2 +-
 16 files changed, 157 insertions(+), 171 deletions(-)

diff --git a/javascript/ql/lib/ext/openai.model.yml b/javascript/ql/lib/ext/openai.model.yml
index 2f0b41f50ca..a979842e926 100644
--- a/javascript/ql/lib/ext/openai.model.yml
+++ b/javascript/ql/lib/ext/openai.model.yml
@@ -12,7 +12,9 @@ extensions:
       extensible: sinkModel
     data:
       - ["openai.Client", "Member[responses].Member[create].Argument[0].Member[instructions]", "system-prompt-injection"]
-      - ["openai.Client", "Member[beta].Member[assistants].Member[create,update].Argument[0].Member[instructions]", "system-prompt-injection"]
+      - ["openai.Client", "Member[completions].Member[create].Argument[0].Member[prompt]", "system-prompt-injection"]
+      - ["openai.Client", "Member[beta].Member[assistants].Member[create].Argument[0].Member[instructions]", "system-prompt-injection"]
+      - ["openai.Client", "Member[beta].Member[assistants].Member[update].Argument[1].Member[instructions]", "system-prompt-injection"]
       - ["openai.Client", "Member[beta].Member[threads].Member[runs].Member[create].Argument[1].Member[instructions,additional_instructions]", "system-prompt-injection"]
       - ["@openai/agents", "Member[Agent].Argument[0].Member[instructions,handoffDescription]", "system-prompt-injection"]
       - ["@openai/guardrails", "Member[Agent].Argument[0].Member[instructions,handoffDescription]", "system-prompt-injection"]
diff --git a/javascript/ql/test/Security/CWE-1427/SystemPromptInjection/SystemPromptInjection.expected b/javascript/ql/test/Security/CWE-1427/SystemPromptInjection/SystemPromptInjection.expected
index 58060b860b9..d6594252a7e 100644
--- a/javascript/ql/test/Security/CWE-1427/SystemPromptInjection/SystemPromptInjection.expected
+++ b/javascript/ql/test/Security/CWE-1427/SystemPromptInjection/SystemPromptInjection.expected
@@ -1,3 +1,54 @@
+#select
+| agents_test.js:16:19:16:42 | "Talk l ... persona | agents_test.js:8:19:8:35 | req.query.persona | agents_test.js:16:19:16:42 | "Talk l ... persona | This system prompt depends on a $@. | agents_test.js:8:19:8:35 | req.query.persona | user-provided value |
+| agents_test.js:25:14:25:37 | "Talk l ... persona | agents_test.js:8:19:8:35 | req.query.persona | agents_test.js:25:14:25:37 | "Talk l ... persona | This system prompt depends on a $@. | agents_test.js:8:19:8:35 | req.query.persona | user-provided value |
+| agents_test.js:32:19:34:5 | return of method instructions | agents_test.js:8:19:8:35 | req.query.persona | agents_test.js:32:19:34:5 | return of method instructions | This system prompt depends on a $@. | agents_test.js:8:19:8:35 | req.query.persona | user-provided value |
+| agents_test.js:43:25:43:44 | "Handles " + persona | agents_test.js:8:19:8:35 | req.query.persona | agents_test.js:43:25:43:44 | "Handles " + persona | This system prompt depends on a $@. | agents_test.js:8:19:8:35 | req.query.persona | user-provided value |
+| agents_test.js:51:22:51:43 | "Ask ab ... persona | agents_test.js:8:19:8:35 | req.query.persona | agents_test.js:51:22:51:43 | "Ask ab ... persona | This system prompt depends on a $@. | agents_test.js:8:19:8:35 | req.query.persona | user-provided value |
+| agents_test.js:59:18:59:48 | "Look u ... persona | agents_test.js:8:19:8:35 | req.query.persona | agents_test.js:59:18:59:48 | "Look u ... persona | This system prompt depends on a $@. | agents_test.js:8:19:8:35 | req.query.persona | user-provided value |
+| agents_test.js:73:32:73:55 | "Talk l ... persona | agents_test.js:8:19:8:35 | req.query.persona | agents_test.js:73:32:73:55 | "Talk l ... persona | This system prompt depends on a $@. | agents_test.js:8:19:8:35 | req.query.persona | user-provided value |
+| agents_test.js:81:35:81:58 | "Talk l ... persona | agents_test.js:8:19:8:35 | req.query.persona | agents_test.js:81:35:81:58 | "Talk l ... persona | This system prompt depends on a $@. | agents_test.js:8:19:8:35 | req.query.persona | user-provided value |
+| agents_test.js:96:32:96:55 | "Talk l ... persona | agents_test.js:8:19:8:35 | req.query.persona | agents_test.js:96:32:96:55 | "Talk l ... persona | This system prompt depends on a $@. | agents_test.js:8:19:8:35 | req.query.persona | user-provided value |
+| anthropic_test.js:17:13:17:36 | "Talk l ... persona | anthropic_test.js:8:19:8:35 | req.query.persona | anthropic_test.js:17:13:17:36 | "Talk l ... persona | This system prompt depends on a $@. | anthropic_test.js:8:19:8:35 | req.query.persona | user-provided value |
+| anthropic_test.js:30:15:30:38 | "Talk l ... persona | anthropic_test.js:8:19:8:35 | req.query.persona | anthropic_test.js:30:15:30:38 | "Talk l ... persona | This system prompt depends on a $@. | anthropic_test.js:8:19:8:35 | req.query.persona | user-provided value |
+| anthropic_test.js:45:18:45:41 | "Talk l ... persona | anthropic_test.js:8:19:8:35 | req.query.persona | anthropic_test.js:45:18:45:41 | "Talk l ... persona | This system prompt depends on a $@. | anthropic_test.js:8:19:8:35 | req.query.persona | user-provided value |
+| anthropic_test.js:71:13:71:36 | "Talk l ... persona | anthropic_test.js:8:19:8:35 | req.query.persona | anthropic_test.js:71:13:71:36 | "Talk l ... persona | This system prompt depends on a $@. | anthropic_test.js:8:19:8:35 | req.query.persona | user-provided value |
+| anthropic_test.js:84:15:84:38 | "Talk l ... persona | anthropic_test.js:8:19:8:35 | req.query.persona | anthropic_test.js:84:15:84:38 | "Talk l ... persona | This system prompt depends on a $@. | anthropic_test.js:8:19:8:35 | req.query.persona | user-provided value |
+| anthropic_test.js:99:18:99:41 | "Talk l ... persona | anthropic_test.js:8:19:8:35 | req.query.persona | anthropic_test.js:99:18:99:41 | "Talk l ... persona | This system prompt depends on a $@. | anthropic_test.js:8:19:8:35 | req.query.persona | user-provided value |
+| anthropic_test.js:110:13:110:36 | "Talk l ... persona | anthropic_test.js:8:19:8:35 | req.query.persona | anthropic_test.js:110:13:110:36 | "Talk l ... persona | This system prompt depends on a $@. | anthropic_test.js:8:19:8:35 | req.query.persona | user-provided value |
+| anthropic_test.js:117:13:117:36 | "Talk l ... persona | anthropic_test.js:8:19:8:35 | req.query.persona | anthropic_test.js:117:13:117:36 | "Talk l ... persona | This system prompt depends on a $@. | anthropic_test.js:8:19:8:35 | req.query.persona | user-provided value |
+| anthropic_test.js:148:13:148:30 | systemMsg2.content | anthropic_test.js:8:19:8:35 | req.query.persona | anthropic_test.js:148:13:148:30 | systemMsg2.content | This system prompt depends on a $@. | anthropic_test.js:8:19:8:35 | req.query.persona | user-provided value |
+| gemini_test.js:18:26:18:49 | "Talk l ... persona | gemini_test.js:8:19:8:35 | req.query.persona | gemini_test.js:18:26:18:49 | "Talk l ... persona | This system prompt depends on a $@. | gemini_test.js:8:19:8:35 | req.query.persona | user-provided value |
+| gemini_test.js:30:25:30:48 | "Talk l ... persona | gemini_test.js:8:19:8:35 | req.query.persona | gemini_test.js:30:25:30:48 | "Talk l ... persona | This system prompt depends on a $@. | gemini_test.js:8:19:8:35 | req.query.persona | user-provided value |
+| gemini_test.js:59:26:59:49 | "Talk l ... persona | gemini_test.js:8:19:8:35 | req.query.persona | gemini_test.js:59:26:59:49 | "Talk l ... persona | This system prompt depends on a $@. | gemini_test.js:8:19:8:35 | req.query.persona | user-provided value |
+| gemini_test.js:85:26:85:49 | "Talk l ... persona | gemini_test.js:8:19:8:35 | req.query.persona | gemini_test.js:85:26:85:49 | "Talk l ... persona | This system prompt depends on a $@. | gemini_test.js:8:19:8:35 | req.query.persona | user-provided value |
+| gemini_test.js:95:26:95:49 | "Talk l ... persona | gemini_test.js:8:19:8:35 | req.query.persona | gemini_test.js:95:26:95:49 | "Talk l ... persona | This system prompt depends on a $@. | gemini_test.js:8:19:8:35 | req.query.persona | user-provided value |
+| gemini_test.js:105:26:105:49 | "Talk l ... persona | gemini_test.js:8:19:8:35 | req.query.persona | gemini_test.js:105:26:105:49 | "Talk l ... persona | This system prompt depends on a $@. | gemini_test.js:8:19:8:35 | req.query.persona | user-provided value |
+| langchain_test.js:16:37:16:60 | "Talk l ... persona | langchain_test.js:9:19:9:35 | req.query.persona | langchain_test.js:16:37:16:60 | "Talk l ... persona | This system prompt depends on a $@. | langchain_test.js:9:19:9:35 | req.query.persona | user-provided value |
+| langchain_test.js:19:14:19:37 | "Talk l ... persona | langchain_test.js:9:19:9:35 | req.query.persona | langchain_test.js:19:14:19:37 | "Talk l ... persona | This system prompt depends on a $@. | langchain_test.js:9:19:9:35 | req.query.persona | user-provided value |
+| langchain_test.js:25:19:25:42 | "Talk l ... persona | langchain_test.js:9:19:9:35 | req.query.persona | langchain_test.js:25:19:25:42 | "Talk l ... persona | This system prompt depends on a $@. | langchain_test.js:9:19:9:35 | req.query.persona | user-provided value |
+| openai_test.js:19:19:19:42 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:19:19:19:42 | "Talk l ... persona | This system prompt depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
+| openai_test.js:29:18:29:41 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:29:18:29:41 | "Talk l ... persona | This system prompt depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
+| openai_test.js:44:18:44:41 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:44:18:44:41 | "Talk l ... persona | This system prompt depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
+| openai_test.js:68:18:68:41 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:68:18:68:41 | "Talk l ... persona | This system prompt depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
+| openai_test.js:83:18:83:41 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:83:18:83:41 | "Talk l ... persona | This system prompt depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
+| openai_test.js:97:19:97:42 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:97:19:97:42 | "Talk l ... persona | This system prompt depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
+| openai_test.js:110:18:110:41 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:110:18:110:41 | "Talk l ... persona | This system prompt depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
+| openai_test.js:120:13:120:36 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:120:13:120:36 | "Talk l ... persona | This system prompt depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
+| openai_test.js:129:19:129:42 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:129:19:129:42 | "Talk l ... persona | This system prompt depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
+| openai_test.js:134:19:134:42 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:134:19:134:42 | "Talk l ... persona | This system prompt depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
+| openai_test.js:140:19:140:42 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:140:19:140:42 | "Talk l ... persona | This system prompt depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
+| openai_test.js:146:30:146:58 | "Also t ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:146:30:146:58 | "Also t ... persona | This system prompt depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
+| openai_test.js:152:14:152:37 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:152:14:152:37 | "Talk l ... persona | This system prompt depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
+| openai_test.js:164:32:164:55 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:164:32:164:55 | "Talk l ... persona | This system prompt depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
+| openrouter_test.js:23:18:23:41 | "Talk l ... persona | openrouter_test.js:12:19:12:35 | req.query.persona | openrouter_test.js:23:18:23:41 | "Talk l ... persona | This system prompt depends on a $@. | openrouter_test.js:12:19:12:35 | req.query.persona | user-provided value |
+| openrouter_test.js:38:18:38:41 | "Talk l ... persona | openrouter_test.js:12:19:12:35 | req.query.persona | openrouter_test.js:38:18:38:41 | "Talk l ... persona | This system prompt depends on a $@. | openrouter_test.js:12:19:12:35 | req.query.persona | user-provided value |
+| openrouter_test.js:52:19:52:42 | "Talk l ... persona | openrouter_test.js:12:19:12:35 | req.query.persona | openrouter_test.js:52:19:52:42 | "Talk l ... persona | This system prompt depends on a $@. | openrouter_test.js:12:19:12:35 | req.query.persona | user-provided value |
+| openrouter_test.js:78:18:78:41 | "Talk l ... persona | openrouter_test.js:12:19:12:35 | req.query.persona | openrouter_test.js:78:18:78:41 | "Talk l ... persona | This system prompt depends on a $@. | openrouter_test.js:12:19:12:35 | req.query.persona | user-provided value |
+| openrouter_test.js:88:19:88:42 | "Talk l ... persona | openrouter_test.js:12:19:12:35 | req.query.persona | openrouter_test.js:88:19:88:42 | "Talk l ... persona | This system prompt depends on a $@. | openrouter_test.js:12:19:12:35 | req.query.persona | user-provided value |
+| openrouter_test.js:98:18:98:41 | "Talk l ... persona | openrouter_test.js:12:19:12:35 | req.query.persona | openrouter_test.js:98:18:98:41 | "Talk l ... persona | This system prompt depends on a $@. | openrouter_test.js:12:19:12:35 | req.query.persona | user-provided value |
+| openrouter_test.js:109:18:109:41 | "Talk l ... persona | openrouter_test.js:12:19:12:35 | req.query.persona | openrouter_test.js:109:18:109:41 | "Talk l ... persona | This system prompt depends on a $@. | openrouter_test.js:12:19:12:35 | req.query.persona | user-provided value |
+| openrouter_test.js:118:19:118:42 | "Talk l ... persona | openrouter_test.js:12:19:12:35 | req.query.persona | openrouter_test.js:118:19:118:42 | "Talk l ... persona | This system prompt depends on a $@. | openrouter_test.js:12:19:12:35 | req.query.persona | user-provided value |
+| openrouter_test.js:125:18:125:41 | "Talk l ... persona | openrouter_test.js:12:19:12:35 | req.query.persona | openrouter_test.js:125:18:125:41 | "Talk l ... persona | This system prompt depends on a $@. | openrouter_test.js:12:19:12:35 | req.query.persona | user-provided value |
 edges
 | agents_test.js:8:9:8:15 | persona | agents_test.js:16:36:16:42 | persona | provenance |  |
 | agents_test.js:8:9:8:15 | persona | agents_test.js:43:38:43:44 | persona | provenance |  |
@@ -79,11 +130,13 @@ edges
 | openai_test.js:11:9:11:15 | persona | openai_test.js:83:35:83:41 | persona | provenance |  |
 | openai_test.js:11:9:11:15 | persona | openai_test.js:97:36:97:42 | persona | provenance |  |
 | openai_test.js:11:9:11:15 | persona | openai_test.js:110:35:110:41 | persona | provenance |  |
-| openai_test.js:11:9:11:15 | persona | openai_test.js:141:36:141:42 | persona | provenance |  |
-| openai_test.js:11:9:11:15 | persona | openai_test.js:152:36:152:42 | persona | provenance |  |
-| openai_test.js:11:9:11:15 | persona | openai_test.js:158:52:158:58 | persona | provenance |  |
-| openai_test.js:11:9:11:15 | persona | openai_test.js:164:31:164:37 | persona | provenance |  |
-| openai_test.js:11:9:11:15 | persona | openai_test.js:192:49:192:55 | persona | provenance |  |
+| openai_test.js:11:9:11:15 | persona | openai_test.js:120:30:120:36 | persona | provenance |  |
+| openai_test.js:11:9:11:15 | persona | openai_test.js:129:36:129:42 | persona | provenance |  |
+| openai_test.js:11:9:11:15 | persona | openai_test.js:134:36:134:42 | persona | provenance |  |
+| openai_test.js:11:9:11:15 | persona | openai_test.js:140:36:140:42 | persona | provenance |  |
+| openai_test.js:11:9:11:15 | persona | openai_test.js:146:52:146:58 | persona | provenance |  |
+| openai_test.js:11:9:11:15 | persona | openai_test.js:152:31:152:37 | persona | provenance |  |
+| openai_test.js:11:9:11:15 | persona | openai_test.js:164:49:164:55 | persona | provenance |  |
 | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:11:9:11:15 | persona | provenance |  |
 | openai_test.js:19:36:19:42 | persona | openai_test.js:19:19:19:42 | "Talk l ... persona | provenance |  |
 | openai_test.js:29:35:29:41 | persona | openai_test.js:29:18:29:41 | "Talk l ... persona | provenance |  |
@@ -92,11 +145,13 @@ edges
 | openai_test.js:83:35:83:41 | persona | openai_test.js:83:18:83:41 | "Talk l ... persona | provenance |  |
 | openai_test.js:97:36:97:42 | persona | openai_test.js:97:19:97:42 | "Talk l ... persona | provenance |  |
 | openai_test.js:110:35:110:41 | persona | openai_test.js:110:18:110:41 | "Talk l ... persona | provenance |  |
-| openai_test.js:141:36:141:42 | persona | openai_test.js:141:19:141:42 | "Talk l ... persona | provenance |  |
-| openai_test.js:152:36:152:42 | persona | openai_test.js:152:19:152:42 | "Talk l ... persona | provenance |  |
-| openai_test.js:158:52:158:58 | persona | openai_test.js:158:30:158:58 | "Also t ... persona | provenance |  |
-| openai_test.js:164:31:164:37 | persona | openai_test.js:164:14:164:37 | "Talk l ... persona | provenance |  |
-| openai_test.js:192:49:192:55 | persona | openai_test.js:192:32:192:55 | "Talk l ... persona | provenance |  |
+| openai_test.js:120:30:120:36 | persona | openai_test.js:120:13:120:36 | "Talk l ... persona | provenance |  |
+| openai_test.js:129:36:129:42 | persona | openai_test.js:129:19:129:42 | "Talk l ... persona | provenance |  |
+| openai_test.js:134:36:134:42 | persona | openai_test.js:134:19:134:42 | "Talk l ... persona | provenance |  |
+| openai_test.js:140:36:140:42 | persona | openai_test.js:140:19:140:42 | "Talk l ... persona | provenance |  |
+| openai_test.js:146:52:146:58 | persona | openai_test.js:146:30:146:58 | "Also t ... persona | provenance |  |
+| openai_test.js:152:31:152:37 | persona | openai_test.js:152:14:152:37 | "Talk l ... persona | provenance |  |
+| openai_test.js:164:49:164:55 | persona | openai_test.js:164:32:164:55 | "Talk l ... persona | provenance |  |
 | openrouter_test.js:12:9:12:15 | persona | openrouter_test.js:23:35:23:41 | persona | provenance |  |
 | openrouter_test.js:12:9:12:15 | persona | openrouter_test.js:38:35:38:41 | persona | provenance |  |
 | openrouter_test.js:12:9:12:15 | persona | openrouter_test.js:52:36:52:42 | persona | provenance |  |
@@ -204,16 +259,20 @@ nodes
 | openai_test.js:97:36:97:42 | persona | semmle.label | persona |
 | openai_test.js:110:18:110:41 | "Talk l ... persona | semmle.label | "Talk l ... persona |
 | openai_test.js:110:35:110:41 | persona | semmle.label | persona |
-| openai_test.js:141:19:141:42 | "Talk l ... persona | semmle.label | "Talk l ... persona |
-| openai_test.js:141:36:141:42 | persona | semmle.label | persona |
-| openai_test.js:152:19:152:42 | "Talk l ... persona | semmle.label | "Talk l ... persona |
-| openai_test.js:152:36:152:42 | persona | semmle.label | persona |
-| openai_test.js:158:30:158:58 | "Also t ... persona | semmle.label | "Also t ... persona |
-| openai_test.js:158:52:158:58 | persona | semmle.label | persona |
-| openai_test.js:164:14:164:37 | "Talk l ... persona | semmle.label | "Talk l ... persona |
-| openai_test.js:164:31:164:37 | persona | semmle.label | persona |
-| openai_test.js:192:32:192:55 | "Talk l ... persona | semmle.label | "Talk l ... persona |
-| openai_test.js:192:49:192:55 | persona | semmle.label | persona |
+| openai_test.js:120:13:120:36 | "Talk l ... persona | semmle.label | "Talk l ... persona |
+| openai_test.js:120:30:120:36 | persona | semmle.label | persona |
+| openai_test.js:129:19:129:42 | "Talk l ... persona | semmle.label | "Talk l ... persona |
+| openai_test.js:129:36:129:42 | persona | semmle.label | persona |
+| openai_test.js:134:19:134:42 | "Talk l ... persona | semmle.label | "Talk l ... persona |
+| openai_test.js:134:36:134:42 | persona | semmle.label | persona |
+| openai_test.js:140:19:140:42 | "Talk l ... persona | semmle.label | "Talk l ... persona |
+| openai_test.js:140:36:140:42 | persona | semmle.label | persona |
+| openai_test.js:146:30:146:58 | "Also t ... persona | semmle.label | "Also t ... persona |
+| openai_test.js:146:52:146:58 | persona | semmle.label | persona |
+| openai_test.js:152:14:152:37 | "Talk l ... persona | semmle.label | "Talk l ... persona |
+| openai_test.js:152:31:152:37 | persona | semmle.label | persona |
+| openai_test.js:164:32:164:55 | "Talk l ... persona | semmle.label | "Talk l ... persona |
+| openai_test.js:164:49:164:55 | persona | semmle.label | persona |
 | openrouter_test.js:12:9:12:15 | persona | semmle.label | persona |
 | openrouter_test.js:12:19:12:35 | req.query.persona | semmle.label | req.query.persona |
 | openrouter_test.js:23:18:23:41 | "Talk l ... persona | semmle.label | "Talk l ... persona |
@@ -235,52 +294,3 @@ nodes
 | openrouter_test.js:125:18:125:41 | "Talk l ... persona | semmle.label | "Talk l ... persona |
 | openrouter_test.js:125:35:125:41 | persona | semmle.label | persona |
 subpaths
-#select
-| agents_test.js:16:19:16:42 | "Talk l ... persona | agents_test.js:8:19:8:35 | req.query.persona | agents_test.js:16:19:16:42 | "Talk l ... persona | This system prompt depends on a $@. | agents_test.js:8:19:8:35 | req.query.persona | user-provided value |
-| agents_test.js:25:14:25:37 | "Talk l ... persona | agents_test.js:8:19:8:35 | req.query.persona | agents_test.js:25:14:25:37 | "Talk l ... persona | This system prompt depends on a $@. | agents_test.js:8:19:8:35 | req.query.persona | user-provided value |
-| agents_test.js:32:19:34:5 | return of method instructions | agents_test.js:8:19:8:35 | req.query.persona | agents_test.js:32:19:34:5 | return of method instructions | This system prompt depends on a $@. | agents_test.js:8:19:8:35 | req.query.persona | user-provided value |
-| agents_test.js:43:25:43:44 | "Handles " + persona | agents_test.js:8:19:8:35 | req.query.persona | agents_test.js:43:25:43:44 | "Handles " + persona | This system prompt depends on a $@. | agents_test.js:8:19:8:35 | req.query.persona | user-provided value |
-| agents_test.js:51:22:51:43 | "Ask ab ... persona | agents_test.js:8:19:8:35 | req.query.persona | agents_test.js:51:22:51:43 | "Ask ab ... persona | This system prompt depends on a $@. | agents_test.js:8:19:8:35 | req.query.persona | user-provided value |
-| agents_test.js:59:18:59:48 | "Look u ... persona | agents_test.js:8:19:8:35 | req.query.persona | agents_test.js:59:18:59:48 | "Look u ... persona | This system prompt depends on a $@. | agents_test.js:8:19:8:35 | req.query.persona | user-provided value |
-| agents_test.js:73:32:73:55 | "Talk l ... persona | agents_test.js:8:19:8:35 | req.query.persona | agents_test.js:73:32:73:55 | "Talk l ... persona | This system prompt depends on a $@. | agents_test.js:8:19:8:35 | req.query.persona | user-provided value |
-| agents_test.js:81:35:81:58 | "Talk l ... persona | agents_test.js:8:19:8:35 | req.query.persona | agents_test.js:81:35:81:58 | "Talk l ... persona | This system prompt depends on a $@. | agents_test.js:8:19:8:35 | req.query.persona | user-provided value |
-| agents_test.js:96:32:96:55 | "Talk l ... persona | agents_test.js:8:19:8:35 | req.query.persona | agents_test.js:96:32:96:55 | "Talk l ... persona | This system prompt depends on a $@. | agents_test.js:8:19:8:35 | req.query.persona | user-provided value |
-| anthropic_test.js:17:13:17:36 | "Talk l ... persona | anthropic_test.js:8:19:8:35 | req.query.persona | anthropic_test.js:17:13:17:36 | "Talk l ... persona | This system prompt depends on a $@. | anthropic_test.js:8:19:8:35 | req.query.persona | user-provided value |
-| anthropic_test.js:30:15:30:38 | "Talk l ... persona | anthropic_test.js:8:19:8:35 | req.query.persona | anthropic_test.js:30:15:30:38 | "Talk l ... persona | This system prompt depends on a $@. | anthropic_test.js:8:19:8:35 | req.query.persona | user-provided value |
-| anthropic_test.js:45:18:45:41 | "Talk l ... persona | anthropic_test.js:8:19:8:35 | req.query.persona | anthropic_test.js:45:18:45:41 | "Talk l ... persona | This system prompt depends on a $@. | anthropic_test.js:8:19:8:35 | req.query.persona | user-provided value |
-| anthropic_test.js:71:13:71:36 | "Talk l ... persona | anthropic_test.js:8:19:8:35 | req.query.persona | anthropic_test.js:71:13:71:36 | "Talk l ... persona | This system prompt depends on a $@. | anthropic_test.js:8:19:8:35 | req.query.persona | user-provided value |
-| anthropic_test.js:84:15:84:38 | "Talk l ... persona | anthropic_test.js:8:19:8:35 | req.query.persona | anthropic_test.js:84:15:84:38 | "Talk l ... persona | This system prompt depends on a $@. | anthropic_test.js:8:19:8:35 | req.query.persona | user-provided value |
-| anthropic_test.js:99:18:99:41 | "Talk l ... persona | anthropic_test.js:8:19:8:35 | req.query.persona | anthropic_test.js:99:18:99:41 | "Talk l ... persona | This system prompt depends on a $@. | anthropic_test.js:8:19:8:35 | req.query.persona | user-provided value |
-| anthropic_test.js:110:13:110:36 | "Talk l ... persona | anthropic_test.js:8:19:8:35 | req.query.persona | anthropic_test.js:110:13:110:36 | "Talk l ... persona | This system prompt depends on a $@. | anthropic_test.js:8:19:8:35 | req.query.persona | user-provided value |
-| anthropic_test.js:117:13:117:36 | "Talk l ... persona | anthropic_test.js:8:19:8:35 | req.query.persona | anthropic_test.js:117:13:117:36 | "Talk l ... persona | This system prompt depends on a $@. | anthropic_test.js:8:19:8:35 | req.query.persona | user-provided value |
-| anthropic_test.js:148:13:148:30 | systemMsg2.content | anthropic_test.js:8:19:8:35 | req.query.persona | anthropic_test.js:148:13:148:30 | systemMsg2.content | This system prompt depends on a $@. | anthropic_test.js:8:19:8:35 | req.query.persona | user-provided value |
-| gemini_test.js:18:26:18:49 | "Talk l ... persona | gemini_test.js:8:19:8:35 | req.query.persona | gemini_test.js:18:26:18:49 | "Talk l ... persona | This system prompt depends on a $@. | gemini_test.js:8:19:8:35 | req.query.persona | user-provided value |
-| gemini_test.js:30:25:30:48 | "Talk l ... persona | gemini_test.js:8:19:8:35 | req.query.persona | gemini_test.js:30:25:30:48 | "Talk l ... persona | This system prompt depends on a $@. | gemini_test.js:8:19:8:35 | req.query.persona | user-provided value |
-| gemini_test.js:59:26:59:49 | "Talk l ... persona | gemini_test.js:8:19:8:35 | req.query.persona | gemini_test.js:59:26:59:49 | "Talk l ... persona | This system prompt depends on a $@. | gemini_test.js:8:19:8:35 | req.query.persona | user-provided value |
-| gemini_test.js:85:26:85:49 | "Talk l ... persona | gemini_test.js:8:19:8:35 | req.query.persona | gemini_test.js:85:26:85:49 | "Talk l ... persona | This system prompt depends on a $@. | gemini_test.js:8:19:8:35 | req.query.persona | user-provided value |
-| gemini_test.js:95:26:95:49 | "Talk l ... persona | gemini_test.js:8:19:8:35 | req.query.persona | gemini_test.js:95:26:95:49 | "Talk l ... persona | This system prompt depends on a $@. | gemini_test.js:8:19:8:35 | req.query.persona | user-provided value |
-| gemini_test.js:105:26:105:49 | "Talk l ... persona | gemini_test.js:8:19:8:35 | req.query.persona | gemini_test.js:105:26:105:49 | "Talk l ... persona | This system prompt depends on a $@. | gemini_test.js:8:19:8:35 | req.query.persona | user-provided value |
-| langchain_test.js:16:37:16:60 | "Talk l ... persona | langchain_test.js:9:19:9:35 | req.query.persona | langchain_test.js:16:37:16:60 | "Talk l ... persona | This system prompt depends on a $@. | langchain_test.js:9:19:9:35 | req.query.persona | user-provided value |
-| langchain_test.js:19:14:19:37 | "Talk l ... persona | langchain_test.js:9:19:9:35 | req.query.persona | langchain_test.js:19:14:19:37 | "Talk l ... persona | This system prompt depends on a $@. | langchain_test.js:9:19:9:35 | req.query.persona | user-provided value |
-| langchain_test.js:25:19:25:42 | "Talk l ... persona | langchain_test.js:9:19:9:35 | req.query.persona | langchain_test.js:25:19:25:42 | "Talk l ... persona | This system prompt depends on a $@. | langchain_test.js:9:19:9:35 | req.query.persona | user-provided value |
-| openai_test.js:19:19:19:42 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:19:19:19:42 | "Talk l ... persona | This system prompt depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
-| openai_test.js:29:18:29:41 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:29:18:29:41 | "Talk l ... persona | This system prompt depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
-| openai_test.js:44:18:44:41 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:44:18:44:41 | "Talk l ... persona | This system prompt depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
-| openai_test.js:68:18:68:41 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:68:18:68:41 | "Talk l ... persona | This system prompt depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
-| openai_test.js:83:18:83:41 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:83:18:83:41 | "Talk l ... persona | This system prompt depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
-| openai_test.js:97:19:97:42 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:97:19:97:42 | "Talk l ... persona | This system prompt depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
-| openai_test.js:110:18:110:41 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:110:18:110:41 | "Talk l ... persona | This system prompt depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
-| openai_test.js:141:19:141:42 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:141:19:141:42 | "Talk l ... persona | This system prompt depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
-| openai_test.js:152:19:152:42 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:152:19:152:42 | "Talk l ... persona | This system prompt depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
-| openai_test.js:158:30:158:58 | "Also t ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:158:30:158:58 | "Also t ... persona | This system prompt depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
-| openai_test.js:164:14:164:37 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:164:14:164:37 | "Talk l ... persona | This system prompt depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
-| openai_test.js:192:32:192:55 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:192:32:192:55 | "Talk l ... persona | This system prompt depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
-| openrouter_test.js:23:18:23:41 | "Talk l ... persona | openrouter_test.js:12:19:12:35 | req.query.persona | openrouter_test.js:23:18:23:41 | "Talk l ... persona | This system prompt depends on a $@. | openrouter_test.js:12:19:12:35 | req.query.persona | user-provided value |
-| openrouter_test.js:38:18:38:41 | "Talk l ... persona | openrouter_test.js:12:19:12:35 | req.query.persona | openrouter_test.js:38:18:38:41 | "Talk l ... persona | This system prompt depends on a $@. | openrouter_test.js:12:19:12:35 | req.query.persona | user-provided value |
-| openrouter_test.js:52:19:52:42 | "Talk l ... persona | openrouter_test.js:12:19:12:35 | req.query.persona | openrouter_test.js:52:19:52:42 | "Talk l ... persona | This system prompt depends on a $@. | openrouter_test.js:12:19:12:35 | req.query.persona | user-provided value |
-| openrouter_test.js:78:18:78:41 | "Talk l ... persona | openrouter_test.js:12:19:12:35 | req.query.persona | openrouter_test.js:78:18:78:41 | "Talk l ... persona | This system prompt depends on a $@. | openrouter_test.js:12:19:12:35 | req.query.persona | user-provided value |
-| openrouter_test.js:88:19:88:42 | "Talk l ... persona | openrouter_test.js:12:19:12:35 | req.query.persona | openrouter_test.js:88:19:88:42 | "Talk l ... persona | This system prompt depends on a $@. | openrouter_test.js:12:19:12:35 | req.query.persona | user-provided value |
-| openrouter_test.js:98:18:98:41 | "Talk l ... persona | openrouter_test.js:12:19:12:35 | req.query.persona | openrouter_test.js:98:18:98:41 | "Talk l ... persona | This system prompt depends on a $@. | openrouter_test.js:12:19:12:35 | req.query.persona | user-provided value |
-| openrouter_test.js:109:18:109:41 | "Talk l ... persona | openrouter_test.js:12:19:12:35 | req.query.persona | openrouter_test.js:109:18:109:41 | "Talk l ... persona | This system prompt depends on a $@. | openrouter_test.js:12:19:12:35 | req.query.persona | user-provided value |
-| openrouter_test.js:118:19:118:42 | "Talk l ... persona | openrouter_test.js:12:19:12:35 | req.query.persona | openrouter_test.js:118:19:118:42 | "Talk l ... persona | This system prompt depends on a $@. | openrouter_test.js:12:19:12:35 | req.query.persona | user-provided value |
-| openrouter_test.js:125:18:125:41 | "Talk l ... persona | openrouter_test.js:12:19:12:35 | req.query.persona | openrouter_test.js:125:18:125:41 | "Talk l ... persona | This system prompt depends on a $@. | openrouter_test.js:12:19:12:35 | req.query.persona | user-provided value |
diff --git a/javascript/ql/test/Security/CWE-1427/SystemPromptInjection/SystemPromptInjection.qlref b/javascript/ql/test/Security/CWE-1427/SystemPromptInjection/SystemPromptInjection.qlref
index d8ef59e125f..ff955895c9b 100644
--- a/javascript/ql/test/Security/CWE-1427/SystemPromptInjection/SystemPromptInjection.qlref
+++ b/javascript/ql/test/Security/CWE-1427/SystemPromptInjection/SystemPromptInjection.qlref
@@ -1 +1,2 @@
-Security/CWE-1427/SystemPromptInjection.ql
+query: Security/CWE-1427/SystemPromptInjection.ql
+postprocess: utils/test/InlineExpectationsTestQuery.ql
diff --git a/javascript/ql/test/Security/CWE-1427/SystemPromptInjection/agents_test.js b/javascript/ql/test/Security/CWE-1427/SystemPromptInjection/agents_test.js
index 1c5cc17bc3c..a24ff173ce1 100644
--- a/javascript/ql/test/Security/CWE-1427/SystemPromptInjection/agents_test.js
+++ b/javascript/ql/test/Security/CWE-1427/SystemPromptInjection/agents_test.js
@@ -5,7 +5,7 @@ const { z } = require("zod");
 const app = express();
 
 app.get("/agents", async (req, res) => {
-  const persona = req.query.persona;
+  const persona = req.query.persona; // $ Source
   const query = req.query.query;
 
   // === Agent constructor: instructions as string ===
@@ -30,8 +30,8 @@ app.get("/agents", async (req, res) => {
   const agent3 = new Agent({
     name: "AsyncDynamic",
     instructions: async (runContext) => {
-      return "Talk like a " + persona; // $ Alert[js/system-prompt-injection]
-    },
+      return "Talk like a " + persona;
+    }, // $ Alert[js/system-prompt-injection]
   });
 
   // === Agent constructor: handoffDescription ===
diff --git a/javascript/ql/test/Security/CWE-1427/SystemPromptInjection/anthropic_test.js b/javascript/ql/test/Security/CWE-1427/SystemPromptInjection/anthropic_test.js
index fc20d8bcbc5..191e707936b 100644
--- a/javascript/ql/test/Security/CWE-1427/SystemPromptInjection/anthropic_test.js
+++ b/javascript/ql/test/Security/CWE-1427/SystemPromptInjection/anthropic_test.js
@@ -5,7 +5,7 @@ const app = express();
 const client = new Anthropic();
 
 app.get("/test", async (req, res) => {
-  const persona = req.query.persona;
+  const persona = req.query.persona; // $ Source
   const query = req.query.query;
 
   // === messages.create: system as string ===
@@ -138,14 +138,14 @@ app.get("/test", async (req, res) => {
   // SHOULD ALERT — tainted data goes into system role; barrier on user role
   // must not suppress the system-role taint path.
   const messages2 = [
-    { role: "system", content: "Talk like a " + persona }, // $ Alert[js/system-prompt-injection]
+    { role: "system", content: "Talk like a " + persona },
     { role: "user", content: query },
   ];
   const systemMsg2 = messages2.find((m) => m.role === "system");
   const m7 = await client.messages.create({
     model: "claude-sonnet-4-20250514",
     max_tokens: 1024,
-    system: systemMsg2.content,
+    system: systemMsg2.content, // $ Alert[js/system-prompt-injection]
     messages: [{ role: "user", content: query }],
   });
 
diff --git a/javascript/ql/test/Security/CWE-1427/SystemPromptInjection/gemini_test.js b/javascript/ql/test/Security/CWE-1427/SystemPromptInjection/gemini_test.js
index 4292b96ce2f..f4b0a69820b 100644
--- a/javascript/ql/test/Security/CWE-1427/SystemPromptInjection/gemini_test.js
+++ b/javascript/ql/test/Security/CWE-1427/SystemPromptInjection/gemini_test.js
@@ -5,7 +5,7 @@ const app = express();
 const ai = new GoogleGenAI({ apiKey: "test-key" });
 
 app.get("/test", async (req, res) => {
-  const persona = req.query.persona;
+  const persona = req.query.persona; // $ Source
   const query = req.query.query;
 
   // === generateContent: systemInstruction ===
@@ -62,18 +62,18 @@ app.get("/test", async (req, res) => {
 
   // === generateImages: prompt ===
 
-  // SHOULD ALERT
+  // SHOULD NOT ALERT - image prompt is a user-prompt-injection sink, not system
   const g5 = await ai.models.generateImages({
     model: "imagen-3.0-generate-002",
-    prompt: "Draw a picture of " + persona, // $ Alert[js/system-prompt-injection]
+    prompt: "Draw a picture of " + persona,
   });
 
   // === editImage: prompt ===
 
-  // SHOULD ALERT
+  // SHOULD NOT ALERT - image prompt is a user-prompt-injection sink, not system
   const g6 = await ai.models.editImage({
     model: "imagen-3.0-capability-001",
-    prompt: "Edit to look like " + persona, // $ Alert[js/system-prompt-injection]
+    prompt: "Edit to look like " + persona,
   });
 
   // === chats.create: systemInstruction ===
@@ -105,7 +105,7 @@ app.get("/test", async (req, res) => {
       systemInstruction: "Talk like a " + persona, // $ Alert[js/system-prompt-injection]
     },
     callbacks: {
-      onmessage: (msg) => {},
+      onmessage: (msg) => { },
     },
   });
 
diff --git a/javascript/ql/test/Security/CWE-1427/SystemPromptInjection/langchain_test.js b/javascript/ql/test/Security/CWE-1427/SystemPromptInjection/langchain_test.js
index f0dc7575d3d..732733eab90 100644
--- a/javascript/ql/test/Security/CWE-1427/SystemPromptInjection/langchain_test.js
+++ b/javascript/ql/test/Security/CWE-1427/SystemPromptInjection/langchain_test.js
@@ -6,7 +6,7 @@ const { createAgent } = require("langchain");
 const app = express();
 
 app.get("/test", async (req, res) => {
-  const persona = req.query.persona;
+  const persona = req.query.persona; // $ Source
   const query = req.query.query;
 
   const chatModel = new ChatOpenAI({ model: "gpt-4" });
diff --git a/javascript/ql/test/Security/CWE-1427/SystemPromptInjection/openai_test.js b/javascript/ql/test/Security/CWE-1427/SystemPromptInjection/openai_test.js
index b5fcf6740d5..de872e0aa92 100644
--- a/javascript/ql/test/Security/CWE-1427/SystemPromptInjection/openai_test.js
+++ b/javascript/ql/test/Security/CWE-1427/SystemPromptInjection/openai_test.js
@@ -8,7 +8,7 @@ const client = new OpenAI();
 const azureClient = new AzureOpenAI();
 
 app.get("/test", async (req, res) => {
-  const persona = req.query.persona;
+  const persona = req.query.persona; // $ Source
   const query = req.query.query;
 
   // === OpenAI Responses API ===
@@ -120,18 +120,6 @@ app.get("/test", async (req, res) => {
     prompt: "Talk like a " + persona, // $ Alert[js/system-prompt-injection]
   });
 
-  // === Images API ===
-
-  // images.generate (SHOULD ALERT)
-  const i1 = await client.images.generate({
-    prompt: "Draw a picture of " + persona, // $ Alert[js/system-prompt-injection]
-  });
-
-  // images.edit (SHOULD ALERT)
-  const i2 = await client.images.edit({
-    prompt: "Edit to look like " + persona, // $ Alert[js/system-prompt-injection]
-  });
-
   // === Assistants API (beta) ===
 
   // assistants.create (SHOULD ALERT)
@@ -170,22 +158,6 @@ app.get("/test", async (req, res) => {
     content: query, // OK - user role
   });
 
-  // === Audio API ===
-
-  // audio.transcriptions.create (SHOULD ALERT)
-  const at1 = await client.audio.transcriptions.create({
-    file: "audio.mp3",
-    model: "whisper-1",
-    prompt: "Transcribe about " + persona, // $ Alert[js/system-prompt-injection]
-  });
-
-  // audio.translations.create (SHOULD ALERT)
-  const atl1 = await client.audio.translations.create({
-    file: "audio.mp3",
-    model: "whisper-1",
-    prompt: "Translate about " + persona, // $ Alert[js/system-prompt-injection]
-  });
-
   // === Object assigned to variable first ===
 
   // Should still be caught via data flow
diff --git a/javascript/ql/test/Security/CWE-1427/SystemPromptInjection/openrouter_test.js b/javascript/ql/test/Security/CWE-1427/SystemPromptInjection/openrouter_test.js
index c3ec1cb92da..fc7ef483ffe 100644
--- a/javascript/ql/test/Security/CWE-1427/SystemPromptInjection/openrouter_test.js
+++ b/javascript/ql/test/Security/CWE-1427/SystemPromptInjection/openrouter_test.js
@@ -9,7 +9,7 @@ const client = new OpenRouter();
 const namedClient = new OpenRouterNamed();
 
 app.get("/test", async (req, res) => {
-  const persona = req.query.persona;
+  const persona = req.query.persona; // $ Source
   const query = req.query.query;
 
   // === OpenRouter Client SDK: chat.send ===
@@ -124,7 +124,7 @@ app.get("/test", async (req, res) => {
     name: "lookup",
     description: "Talk like a " + persona, // $ Alert[js/system-prompt-injection]
     inputSchema: {},
-    execute: async () => {},
+    execute: async () => { },
   });
 
   // input array with user role (SHOULD NOT ALERT)
diff --git a/javascript/ql/test/Security/CWE-1427/UserPromptInjection/UserPromptInjection.expected b/javascript/ql/test/Security/CWE-1427/UserPromptInjection/UserPromptInjection.expected
index 1ba67aabc70..d243ea58d81 100644
--- a/javascript/ql/test/Security/CWE-1427/UserPromptInjection/UserPromptInjection.expected
+++ b/javascript/ql/test/Security/CWE-1427/UserPromptInjection/UserPromptInjection.expected
@@ -1,3 +1,53 @@
+#select
+| anthropic_user_test.js:18:18:18:26 | userInput | anthropic_user_test.js:8:21:8:39 | req.query.userInput | anthropic_user_test.js:18:18:18:26 | userInput | This prompt construction depends on a $@. | anthropic_user_test.js:8:21:8:39 | req.query.userInput | user-provided value |
+| anthropic_user_test.js:31:18:31:26 | userInput | anthropic_user_test.js:8:21:8:39 | req.query.userInput | anthropic_user_test.js:31:18:31:26 | userInput | This prompt construction depends on a $@. | anthropic_user_test.js:8:21:8:39 | req.query.userInput | user-provided value |
+| gemini_user_test.js:14:15:14:23 | userInput | gemini_user_test.js:8:21:8:39 | req.query.userInput | gemini_user_test.js:14:15:14:23 | userInput | This prompt construction depends on a $@. | gemini_user_test.js:8:21:8:39 | req.query.userInput | user-provided value |
+| gemini_user_test.js:26:19:26:27 | userInput | gemini_user_test.js:8:21:8:39 | req.query.userInput | gemini_user_test.js:26:19:26:27 | userInput | This prompt construction depends on a $@. | gemini_user_test.js:8:21:8:39 | req.query.userInput | user-provided value |
+| gemini_user_test.js:37:15:37:23 | userInput | gemini_user_test.js:8:21:8:39 | req.query.userInput | gemini_user_test.js:37:15:37:23 | userInput | This prompt construction depends on a $@. | gemini_user_test.js:8:21:8:39 | req.query.userInput | user-provided value |
+| gemini_user_test.js:44:13:44:21 | userInput | gemini_user_test.js:8:21:8:39 | req.query.userInput | gemini_user_test.js:44:13:44:21 | userInput | This prompt construction depends on a $@. | gemini_user_test.js:8:21:8:39 | req.query.userInput | user-provided value |
+| gemini_user_test.js:51:13:51:21 | userInput | gemini_user_test.js:8:21:8:39 | req.query.userInput | gemini_user_test.js:51:13:51:21 | userInput | This prompt construction depends on a $@. | gemini_user_test.js:8:21:8:39 | req.query.userInput | user-provided value |
+| gemini_user_test.js:58:13:58:21 | userInput | gemini_user_test.js:8:21:8:39 | req.query.userInput | gemini_user_test.js:58:13:58:21 | userInput | This prompt construction depends on a $@. | gemini_user_test.js:8:21:8:39 | req.query.userInput | user-provided value |
+| langchain_user_test.js:18:26:18:34 | userInput | langchain_user_test.js:13:21:13:39 | req.query.userInput | langchain_user_test.js:18:26:18:34 | userInput | This prompt construction depends on a $@. | langchain_user_test.js:13:21:13:39 | req.query.userInput | user-provided value |
+| langchain_user_test.js:22:26:22:34 | userInput | langchain_user_test.js:13:21:13:39 | req.query.userInput | langchain_user_test.js:22:26:22:34 | userInput | This prompt construction depends on a $@. | langchain_user_test.js:13:21:13:39 | req.query.userInput | user-provided value |
+| langchain_user_test.js:26:24:26:32 | userInput | langchain_user_test.js:13:21:13:39 | req.query.userInput | langchain_user_test.js:26:24:26:32 | userInput | This prompt construction depends on a $@. | langchain_user_test.js:13:21:13:39 | req.query.userInput | user-provided value |
+| langchain_user_test.js:30:27:30:35 | userInput | langchain_user_test.js:13:21:13:39 | req.query.userInput | langchain_user_test.js:30:27:30:35 | userInput | This prompt construction depends on a $@. | langchain_user_test.js:13:21:13:39 | req.query.userInput | user-provided value |
+| langchain_user_test.js:34:26:34:34 | userInput | langchain_user_test.js:13:21:13:39 | req.query.userInput | langchain_user_test.js:34:26:34:34 | userInput | This prompt construction depends on a $@. | langchain_user_test.js:13:21:13:39 | req.query.userInput | user-provided value |
+| langchain_user_test.js:38:30:38:38 | userInput | langchain_user_test.js:13:21:13:39 | req.query.userInput | langchain_user_test.js:38:30:38:38 | userInput | This prompt construction depends on a $@. | langchain_user_test.js:13:21:13:39 | req.query.userInput | user-provided value |
+| langchain_user_test.js:42:33:42:41 | userInput | langchain_user_test.js:13:21:13:39 | req.query.userInput | langchain_user_test.js:42:33:42:41 | userInput | This prompt construction depends on a $@. | langchain_user_test.js:13:21:13:39 | req.query.userInput | user-provided value |
+| langchain_user_test.js:44:44:44:52 | userInput | langchain_user_test.js:13:21:13:39 | req.query.userInput | langchain_user_test.js:44:44:44:52 | userInput | This prompt construction depends on a $@. | langchain_user_test.js:13:21:13:39 | req.query.userInput | user-provided value |
+| langchain_user_test.js:49:31:49:39 | userInput | langchain_user_test.js:13:21:13:39 | req.query.userInput | langchain_user_test.js:49:31:49:39 | userInput | This prompt construction depends on a $@. | langchain_user_test.js:13:21:13:39 | req.query.userInput | user-provided value |
+| langchain_user_test.js:54:29:54:37 | userInput | langchain_user_test.js:13:21:13:39 | req.query.userInput | langchain_user_test.js:54:29:54:37 | userInput | This prompt construction depends on a $@. | langchain_user_test.js:13:21:13:39 | req.query.userInput | user-provided value |
+| langchain_user_test.js:59:34:59:42 | userInput | langchain_user_test.js:13:21:13:39 | req.query.userInput | langchain_user_test.js:59:34:59:42 | userInput | This prompt construction depends on a $@. | langchain_user_test.js:13:21:13:39 | req.query.userInput | user-provided value |
+| langchain_user_test.js:65:27:65:35 | userInput | langchain_user_test.js:13:21:13:39 | req.query.userInput | langchain_user_test.js:65:27:65:35 | userInput | This prompt construction depends on a $@. | langchain_user_test.js:13:21:13:39 | req.query.userInput | user-provided value |
+| langchain_user_test.js:71:27:71:35 | userInput | langchain_user_test.js:13:21:13:39 | req.query.userInput | langchain_user_test.js:71:27:71:35 | userInput | This prompt construction depends on a $@. | langchain_user_test.js:13:21:13:39 | req.query.userInput | user-provided value |
+| langchain_user_test.js:77:29:77:37 | userInput | langchain_user_test.js:13:21:13:39 | req.query.userInput | langchain_user_test.js:77:29:77:37 | userInput | This prompt construction depends on a $@. | langchain_user_test.js:13:21:13:39 | req.query.userInput | user-provided value |
+| langchain_user_test.js:81:31:81:39 | userInput | langchain_user_test.js:13:21:13:39 | req.query.userInput | langchain_user_test.js:81:31:81:39 | userInput | This prompt construction depends on a $@. | langchain_user_test.js:13:21:13:39 | req.query.userInput | user-provided value |
+| langchain_user_test.js:85:37:85:45 | userInput | langchain_user_test.js:13:21:13:39 | req.query.userInput | langchain_user_test.js:85:37:85:45 | userInput | This prompt construction depends on a $@. | langchain_user_test.js:13:21:13:39 | req.query.userInput | user-provided value |
+| langchain_user_test.js:90:21:90:29 | userInput | langchain_user_test.js:13:21:13:39 | req.query.userInput | langchain_user_test.js:90:21:90:29 | userInput | This prompt construction depends on a $@. | langchain_user_test.js:13:21:13:39 | req.query.userInput | user-provided value |
+| openai_user_test.js:23:12:23:20 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:23:12:23:20 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
+| openai_user_test.js:32:18:32:26 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:32:18:32:26 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
+| openai_user_test.js:43:18:43:26 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:43:18:43:26 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
+| openai_user_test.js:57:19:57:27 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:57:19:57:27 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
+| openai_user_test.js:67:13:67:21 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:67:13:67:21 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
+| openai_user_test.js:72:13:72:21 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:72:13:72:21 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
+| openai_user_test.js:76:13:76:21 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:76:13:76:21 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
+| openai_user_test.js:83:13:83:21 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:83:13:83:21 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
+| openai_user_test.js:89:13:89:21 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:89:13:89:21 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
+| openai_user_test.js:95:14:95:22 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:95:14:95:22 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
+| openai_user_test.js:101:12:101:20 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:101:12:101:20 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
+| openai_user_test.js:148:12:148:20 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:148:12:148:20 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
+| openai_user_test.js:192:20:192:28 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:192:20:192:28 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
+| openai_user_test.js:196:30:196:38 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:196:30:196:38 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
+| openai_user_test.js:201:27:201:35 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:201:27:201:35 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
+| openai_user_test.js:205:30:205:38 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:205:30:205:38 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
+| openrouter_user_test.js:22:18:22:26 | userInput | openrouter_user_test.js:12:21:12:39 | req.query.userInput | openrouter_user_test.js:22:18:22:26 | userInput | This prompt construction depends on a $@. | openrouter_user_test.js:12:21:12:39 | req.query.userInput | user-provided value |
+| openrouter_user_test.js:36:19:36:27 | userInput | openrouter_user_test.js:12:21:12:39 | req.query.userInput | openrouter_user_test.js:36:19:36:27 | userInput | This prompt construction depends on a $@. | openrouter_user_test.js:12:21:12:39 | req.query.userInput | user-provided value |
+| openrouter_user_test.js:50:18:50:26 | userInput | openrouter_user_test.js:12:21:12:39 | req.query.userInput | openrouter_user_test.js:50:18:50:26 | userInput | This prompt construction depends on a $@. | openrouter_user_test.js:12:21:12:39 | req.query.userInput | user-provided value |
+| openrouter_user_test.js:59:12:59:20 | userInput | openrouter_user_test.js:12:21:12:39 | req.query.userInput | openrouter_user_test.js:59:12:59:20 | userInput | This prompt construction depends on a $@. | openrouter_user_test.js:12:21:12:39 | req.query.userInput | user-provided value |
+| openrouter_user_test.js:68:12:68:20 | userInput | openrouter_user_test.js:12:21:12:39 | req.query.userInput | openrouter_user_test.js:68:12:68:20 | userInput | This prompt construction depends on a $@. | openrouter_user_test.js:12:21:12:39 | req.query.userInput | user-provided value |
+| openrouter_user_test.js:77:18:77:26 | userInput | openrouter_user_test.js:12:21:12:39 | req.query.userInput | openrouter_user_test.js:77:18:77:26 | userInput | This prompt construction depends on a $@. | openrouter_user_test.js:12:21:12:39 | req.query.userInput | user-provided value |
+| openrouter_user_test.js:88:18:88:26 | userInput | openrouter_user_test.js:12:21:12:39 | req.query.userInput | openrouter_user_test.js:88:18:88:26 | userInput | This prompt construction depends on a $@. | openrouter_user_test.js:12:21:12:39 | req.query.userInput | user-provided value |
+| openrouter_user_test.js:97:12:97:20 | userInput | openrouter_user_test.js:12:21:12:39 | req.query.userInput | openrouter_user_test.js:97:12:97:20 | userInput | This prompt construction depends on a $@. | openrouter_user_test.js:12:21:12:39 | req.query.userInput | user-provided value |
 edges
 | anthropic_user_test.js:8:9:8:17 | userInput | anthropic_user_test.js:18:18:18:26 | userInput | provenance |  |
 | anthropic_user_test.js:8:9:8:17 | userInput | anthropic_user_test.js:31:18:31:26 | userInput | provenance |  |
@@ -114,53 +164,3 @@ nodes
 | openrouter_user_test.js:88:18:88:26 | userInput | semmle.label | userInput |
 | openrouter_user_test.js:97:12:97:20 | userInput | semmle.label | userInput |
 subpaths
-#select
-| anthropic_user_test.js:18:18:18:26 | userInput | anthropic_user_test.js:8:21:8:39 | req.query.userInput | anthropic_user_test.js:18:18:18:26 | userInput | This prompt construction depends on a $@. | anthropic_user_test.js:8:21:8:39 | req.query.userInput | user-provided value |
-| anthropic_user_test.js:31:18:31:26 | userInput | anthropic_user_test.js:8:21:8:39 | req.query.userInput | anthropic_user_test.js:31:18:31:26 | userInput | This prompt construction depends on a $@. | anthropic_user_test.js:8:21:8:39 | req.query.userInput | user-provided value |
-| gemini_user_test.js:14:15:14:23 | userInput | gemini_user_test.js:8:21:8:39 | req.query.userInput | gemini_user_test.js:14:15:14:23 | userInput | This prompt construction depends on a $@. | gemini_user_test.js:8:21:8:39 | req.query.userInput | user-provided value |
-| gemini_user_test.js:26:19:26:27 | userInput | gemini_user_test.js:8:21:8:39 | req.query.userInput | gemini_user_test.js:26:19:26:27 | userInput | This prompt construction depends on a $@. | gemini_user_test.js:8:21:8:39 | req.query.userInput | user-provided value |
-| gemini_user_test.js:37:15:37:23 | userInput | gemini_user_test.js:8:21:8:39 | req.query.userInput | gemini_user_test.js:37:15:37:23 | userInput | This prompt construction depends on a $@. | gemini_user_test.js:8:21:8:39 | req.query.userInput | user-provided value |
-| gemini_user_test.js:44:13:44:21 | userInput | gemini_user_test.js:8:21:8:39 | req.query.userInput | gemini_user_test.js:44:13:44:21 | userInput | This prompt construction depends on a $@. | gemini_user_test.js:8:21:8:39 | req.query.userInput | user-provided value |
-| gemini_user_test.js:51:13:51:21 | userInput | gemini_user_test.js:8:21:8:39 | req.query.userInput | gemini_user_test.js:51:13:51:21 | userInput | This prompt construction depends on a $@. | gemini_user_test.js:8:21:8:39 | req.query.userInput | user-provided value |
-| gemini_user_test.js:58:13:58:21 | userInput | gemini_user_test.js:8:21:8:39 | req.query.userInput | gemini_user_test.js:58:13:58:21 | userInput | This prompt construction depends on a $@. | gemini_user_test.js:8:21:8:39 | req.query.userInput | user-provided value |
-| langchain_user_test.js:18:26:18:34 | userInput | langchain_user_test.js:13:21:13:39 | req.query.userInput | langchain_user_test.js:18:26:18:34 | userInput | This prompt construction depends on a $@. | langchain_user_test.js:13:21:13:39 | req.query.userInput | user-provided value |
-| langchain_user_test.js:22:26:22:34 | userInput | langchain_user_test.js:13:21:13:39 | req.query.userInput | langchain_user_test.js:22:26:22:34 | userInput | This prompt construction depends on a $@. | langchain_user_test.js:13:21:13:39 | req.query.userInput | user-provided value |
-| langchain_user_test.js:26:24:26:32 | userInput | langchain_user_test.js:13:21:13:39 | req.query.userInput | langchain_user_test.js:26:24:26:32 | userInput | This prompt construction depends on a $@. | langchain_user_test.js:13:21:13:39 | req.query.userInput | user-provided value |
-| langchain_user_test.js:30:27:30:35 | userInput | langchain_user_test.js:13:21:13:39 | req.query.userInput | langchain_user_test.js:30:27:30:35 | userInput | This prompt construction depends on a $@. | langchain_user_test.js:13:21:13:39 | req.query.userInput | user-provided value |
-| langchain_user_test.js:34:26:34:34 | userInput | langchain_user_test.js:13:21:13:39 | req.query.userInput | langchain_user_test.js:34:26:34:34 | userInput | This prompt construction depends on a $@. | langchain_user_test.js:13:21:13:39 | req.query.userInput | user-provided value |
-| langchain_user_test.js:38:30:38:38 | userInput | langchain_user_test.js:13:21:13:39 | req.query.userInput | langchain_user_test.js:38:30:38:38 | userInput | This prompt construction depends on a $@. | langchain_user_test.js:13:21:13:39 | req.query.userInput | user-provided value |
-| langchain_user_test.js:42:33:42:41 | userInput | langchain_user_test.js:13:21:13:39 | req.query.userInput | langchain_user_test.js:42:33:42:41 | userInput | This prompt construction depends on a $@. | langchain_user_test.js:13:21:13:39 | req.query.userInput | user-provided value |
-| langchain_user_test.js:44:44:44:52 | userInput | langchain_user_test.js:13:21:13:39 | req.query.userInput | langchain_user_test.js:44:44:44:52 | userInput | This prompt construction depends on a $@. | langchain_user_test.js:13:21:13:39 | req.query.userInput | user-provided value |
-| langchain_user_test.js:49:31:49:39 | userInput | langchain_user_test.js:13:21:13:39 | req.query.userInput | langchain_user_test.js:49:31:49:39 | userInput | This prompt construction depends on a $@. | langchain_user_test.js:13:21:13:39 | req.query.userInput | user-provided value |
-| langchain_user_test.js:54:29:54:37 | userInput | langchain_user_test.js:13:21:13:39 | req.query.userInput | langchain_user_test.js:54:29:54:37 | userInput | This prompt construction depends on a $@. | langchain_user_test.js:13:21:13:39 | req.query.userInput | user-provided value |
-| langchain_user_test.js:59:34:59:42 | userInput | langchain_user_test.js:13:21:13:39 | req.query.userInput | langchain_user_test.js:59:34:59:42 | userInput | This prompt construction depends on a $@. | langchain_user_test.js:13:21:13:39 | req.query.userInput | user-provided value |
-| langchain_user_test.js:65:27:65:35 | userInput | langchain_user_test.js:13:21:13:39 | req.query.userInput | langchain_user_test.js:65:27:65:35 | userInput | This prompt construction depends on a $@. | langchain_user_test.js:13:21:13:39 | req.query.userInput | user-provided value |
-| langchain_user_test.js:71:27:71:35 | userInput | langchain_user_test.js:13:21:13:39 | req.query.userInput | langchain_user_test.js:71:27:71:35 | userInput | This prompt construction depends on a $@. | langchain_user_test.js:13:21:13:39 | req.query.userInput | user-provided value |
-| langchain_user_test.js:77:29:77:37 | userInput | langchain_user_test.js:13:21:13:39 | req.query.userInput | langchain_user_test.js:77:29:77:37 | userInput | This prompt construction depends on a $@. | langchain_user_test.js:13:21:13:39 | req.query.userInput | user-provided value |
-| langchain_user_test.js:81:31:81:39 | userInput | langchain_user_test.js:13:21:13:39 | req.query.userInput | langchain_user_test.js:81:31:81:39 | userInput | This prompt construction depends on a $@. | langchain_user_test.js:13:21:13:39 | req.query.userInput | user-provided value |
-| langchain_user_test.js:85:37:85:45 | userInput | langchain_user_test.js:13:21:13:39 | req.query.userInput | langchain_user_test.js:85:37:85:45 | userInput | This prompt construction depends on a $@. | langchain_user_test.js:13:21:13:39 | req.query.userInput | user-provided value |
-| langchain_user_test.js:90:21:90:29 | userInput | langchain_user_test.js:13:21:13:39 | req.query.userInput | langchain_user_test.js:90:21:90:29 | userInput | This prompt construction depends on a $@. | langchain_user_test.js:13:21:13:39 | req.query.userInput | user-provided value |
-| openai_user_test.js:23:12:23:20 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:23:12:23:20 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
-| openai_user_test.js:32:18:32:26 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:32:18:32:26 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
-| openai_user_test.js:43:18:43:26 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:43:18:43:26 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
-| openai_user_test.js:57:19:57:27 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:57:19:57:27 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
-| openai_user_test.js:67:13:67:21 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:67:13:67:21 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
-| openai_user_test.js:72:13:72:21 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:72:13:72:21 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
-| openai_user_test.js:76:13:76:21 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:76:13:76:21 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
-| openai_user_test.js:83:13:83:21 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:83:13:83:21 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
-| openai_user_test.js:89:13:89:21 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:89:13:89:21 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
-| openai_user_test.js:95:14:95:22 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:95:14:95:22 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
-| openai_user_test.js:101:12:101:20 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:101:12:101:20 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
-| openai_user_test.js:148:12:148:20 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:148:12:148:20 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
-| openai_user_test.js:192:20:192:28 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:192:20:192:28 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
-| openai_user_test.js:196:30:196:38 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:196:30:196:38 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
-| openai_user_test.js:201:27:201:35 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:201:27:201:35 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
-| openai_user_test.js:205:30:205:38 | userInput | openai_user_test.js:15:21:15:39 | req.query.userInput | openai_user_test.js:205:30:205:38 | userInput | This prompt construction depends on a $@. | openai_user_test.js:15:21:15:39 | req.query.userInput | user-provided value |
-| openrouter_user_test.js:22:18:22:26 | userInput | openrouter_user_test.js:12:21:12:39 | req.query.userInput | openrouter_user_test.js:22:18:22:26 | userInput | This prompt construction depends on a $@. | openrouter_user_test.js:12:21:12:39 | req.query.userInput | user-provided value |
-| openrouter_user_test.js:36:19:36:27 | userInput | openrouter_user_test.js:12:21:12:39 | req.query.userInput | openrouter_user_test.js:36:19:36:27 | userInput | This prompt construction depends on a $@. | openrouter_user_test.js:12:21:12:39 | req.query.userInput | user-provided value |
-| openrouter_user_test.js:50:18:50:26 | userInput | openrouter_user_test.js:12:21:12:39 | req.query.userInput | openrouter_user_test.js:50:18:50:26 | userInput | This prompt construction depends on a $@. | openrouter_user_test.js:12:21:12:39 | req.query.userInput | user-provided value |
-| openrouter_user_test.js:59:12:59:20 | userInput | openrouter_user_test.js:12:21:12:39 | req.query.userInput | openrouter_user_test.js:59:12:59:20 | userInput | This prompt construction depends on a $@. | openrouter_user_test.js:12:21:12:39 | req.query.userInput | user-provided value |
-| openrouter_user_test.js:68:12:68:20 | userInput | openrouter_user_test.js:12:21:12:39 | req.query.userInput | openrouter_user_test.js:68:12:68:20 | userInput | This prompt construction depends on a $@. | openrouter_user_test.js:12:21:12:39 | req.query.userInput | user-provided value |
-| openrouter_user_test.js:77:18:77:26 | userInput | openrouter_user_test.js:12:21:12:39 | req.query.userInput | openrouter_user_test.js:77:18:77:26 | userInput | This prompt construction depends on a $@. | openrouter_user_test.js:12:21:12:39 | req.query.userInput | user-provided value |
-| openrouter_user_test.js:88:18:88:26 | userInput | openrouter_user_test.js:12:21:12:39 | req.query.userInput | openrouter_user_test.js:88:18:88:26 | userInput | This prompt construction depends on a $@. | openrouter_user_test.js:12:21:12:39 | req.query.userInput | user-provided value |
-| openrouter_user_test.js:97:12:97:20 | userInput | openrouter_user_test.js:12:21:12:39 | req.query.userInput | openrouter_user_test.js:97:12:97:20 | userInput | This prompt construction depends on a $@. | openrouter_user_test.js:12:21:12:39 | req.query.userInput | user-provided value |
diff --git a/javascript/ql/test/Security/CWE-1427/UserPromptInjection/UserPromptInjection.qlref b/javascript/ql/test/Security/CWE-1427/UserPromptInjection/UserPromptInjection.qlref
index e9328ec91b2..dcdcef56739 100644
--- a/javascript/ql/test/Security/CWE-1427/UserPromptInjection/UserPromptInjection.qlref
+++ b/javascript/ql/test/Security/CWE-1427/UserPromptInjection/UserPromptInjection.qlref
@@ -1 +1,2 @@
-Security/CWE-1427/UserPromptInjection.ql
+query: Security/CWE-1427/UserPromptInjection.ql
+postprocess: utils/test/InlineExpectationsTestQuery.ql
\ No newline at end of file
diff --git a/javascript/ql/test/Security/CWE-1427/UserPromptInjection/anthropic_user_test.js b/javascript/ql/test/Security/CWE-1427/UserPromptInjection/anthropic_user_test.js
index e3e7a2abf8a..1c269b650be 100644
--- a/javascript/ql/test/Security/CWE-1427/UserPromptInjection/anthropic_user_test.js
+++ b/javascript/ql/test/Security/CWE-1427/UserPromptInjection/anthropic_user_test.js
@@ -5,7 +5,7 @@ const app = express();
 const client = new Anthropic();
 
 app.get("/test", async (req, res) => {
-  const userInput = req.query.userInput;
+  const userInput = req.query.userInput; // $ Source
 
   // === User role message (SHOULD ALERT) ===
 
diff --git a/javascript/ql/test/Security/CWE-1427/UserPromptInjection/gemini_user_test.js b/javascript/ql/test/Security/CWE-1427/UserPromptInjection/gemini_user_test.js
index 1676072fec3..f38da3a418c 100644
--- a/javascript/ql/test/Security/CWE-1427/UserPromptInjection/gemini_user_test.js
+++ b/javascript/ql/test/Security/CWE-1427/UserPromptInjection/gemini_user_test.js
@@ -5,7 +5,7 @@ const app = express();
 const ai = new GoogleGenAI({ apiKey: "test-key" });
 
 app.get("/test", async (req, res) => {
-  const userInput = req.query.userInput;
+  const userInput = req.query.userInput; // $ Source
 
   // === generateContent with string contents (SHOULD ALERT) ===
 
diff --git a/javascript/ql/test/Security/CWE-1427/UserPromptInjection/langchain_user_test.js b/javascript/ql/test/Security/CWE-1427/UserPromptInjection/langchain_user_test.js
index 3cb06aed74a..bc6090ab192 100644
--- a/javascript/ql/test/Security/CWE-1427/UserPromptInjection/langchain_user_test.js
+++ b/javascript/ql/test/Security/CWE-1427/UserPromptInjection/langchain_user_test.js
@@ -10,7 +10,7 @@ const { createAgent, initChatModel } = require("langchain");
 const app = express();
 
 app.get("/test", async (req, res) => {
-  const userInput = req.query.userInput;
+  const userInput = req.query.userInput; // $ Source
 
   // === ChatModel.invoke (SHOULD ALERT) ===
 
diff --git a/javascript/ql/test/Security/CWE-1427/UserPromptInjection/openai_user_test.js b/javascript/ql/test/Security/CWE-1427/UserPromptInjection/openai_user_test.js
index 94b7409033b..98e9dfcf6dc 100644
--- a/javascript/ql/test/Security/CWE-1427/UserPromptInjection/openai_user_test.js
+++ b/javascript/ql/test/Security/CWE-1427/UserPromptInjection/openai_user_test.js
@@ -12,7 +12,7 @@ const client = new OpenAI();
 const azureClient = new AzureOpenAI();
 
 app.get("/test", async (req, res) => {
-  const userInput = req.query.userInput;
+  const userInput = req.query.userInput; // $ Source
 
   // === Bare OpenAI client: user prompt sinks (SHOULD ALERT) ===
 
diff --git a/javascript/ql/test/Security/CWE-1427/UserPromptInjection/openrouter_user_test.js b/javascript/ql/test/Security/CWE-1427/UserPromptInjection/openrouter_user_test.js
index 90dceabdbfa..89418a2dc2a 100644
--- a/javascript/ql/test/Security/CWE-1427/UserPromptInjection/openrouter_user_test.js
+++ b/javascript/ql/test/Security/CWE-1427/UserPromptInjection/openrouter_user_test.js
@@ -9,7 +9,7 @@ const client = new OpenRouter();
 const namedClient = new OpenRouterNamed();
 
 app.get("/test", async (req, res) => {
-  const userInput = req.query.userInput;
+  const userInput = req.query.userInput; // $ Source
 
   // === OpenRouter Client SDK: chat.send ===