QLDoc + include the queries in the correct expected files per query suite

javascript/ql/integration-tests/query-suite/javascript-code-scanning.qls.expected

@@ -41,6 +41,7 @@ ql/javascript/ql/src/Security/CWE-116/IncompleteMultiCharacterSanitization.ql
 ql/javascript/ql/src/Security/CWE-116/IncompleteSanitization.ql
 ql/javascript/ql/src/Security/CWE-116/UnsafeHtmlExpansion.ql
 ql/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql
+ql/javascript/ql/src/Security/CWE-1427/SystemPromptInjection.ql
 ql/javascript/ql/src/Security/CWE-178/CaseSensitiveMiddlewarePath.ql
 ql/javascript/ql/src/Security/CWE-200/PrivateFileExposure.ql
 ql/javascript/ql/src/Security/CWE-201/PostMessageStar.ql

javascript/ql/integration-tests/query-suite/javascript-security-and-quality.qls.expected

@@ -132,6 +132,7 @@ ql/javascript/ql/src/Security/CWE-116/UnsafeHtmlExpansion.ql
 ql/javascript/ql/src/Security/CWE-117/LogInjection.ql
 ql/javascript/ql/src/Security/CWE-1275/SameSiteNoneCookie.ql
 ql/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql
+ql/javascript/ql/src/Security/CWE-1427/SystemPromptInjection.ql
 ql/javascript/ql/src/Security/CWE-178/CaseSensitiveMiddlewarePath.ql
 ql/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql
 ql/javascript/ql/src/Security/CWE-200/PrivateFileExposure.ql

javascript/ql/integration-tests/query-suite/javascript-security-extended.qls.expected

@@ -47,6 +47,7 @@ ql/javascript/ql/src/Security/CWE-116/UnsafeHtmlExpansion.ql
 ql/javascript/ql/src/Security/CWE-117/LogInjection.ql
 ql/javascript/ql/src/Security/CWE-1275/SameSiteNoneCookie.ql
 ql/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql
+ql/javascript/ql/src/Security/CWE-1427/SystemPromptInjection.ql
 ql/javascript/ql/src/Security/CWE-178/CaseSensitiveMiddlewarePath.ql
 ql/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql
 ql/javascript/ql/src/Security/CWE-200/PrivateFileExposure.ql

javascript/ql/integration-tests/query-suite/not_included_in_qls.expected

@@ -57,6 +57,7 @@ ql/javascript/ql/src/definitions.ql
 ql/javascript/ql/src/experimental/Security/CWE-094-dataURL/CodeInjection.ql
 ql/javascript/ql/src/experimental/Security/CWE-099/EnvValueAndKeyInjection.ql
 ql/javascript/ql/src/experimental/Security/CWE-099/EnvValueInjection.ql
+ql/javascript/ql/src/experimental/Security/CWE-1427/UserPromptInjection.ql
 ql/javascript/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql
 ql/javascript/ql/src/experimental/Security/CWE-347/decodeJwtWithoutVerification.ql
 ql/javascript/ql/src/experimental/Security/CWE-347/decodeJwtWithoutVerificationLocalSource.ql

javascript/ql/lib/semmle/javascript/frameworks/Anthropic.qll

@@ -11,6 +11,7 @@
 
 private import javascript
 
+/** Provides classes modeling prompt-injection sources of the `@anthropic-ai/sdk` package. */
 module Anthropic {
   /** Gets a reference to the `Anthropic` client instance. */
   private API::Node classRef() { result = API::moduleImport("@anthropic-ai/sdk").getInstance() }

javascript/ql/lib/semmle/javascript/frameworks/GoogleGenAI.qll

@@ -11,6 +11,7 @@
 
 private import javascript
 
+/** Provides classes modeling prompt-injection sources of the `@google/genai` package. */
 module GoogleGenAI {
   /** Gets a reference to the `GoogleGenAI` client instance. */
   private API::Node clientRef() {

javascript/ql/lib/semmle/javascript/frameworks/OpenAI.qll

@@ -16,6 +16,7 @@ private predicate isSystemOrDevMessage(API::Node msg) {
   msg.getMember("role").asSink().mayHaveStringValue(["system", "developer", "assistant"])
 }
 
+/** Provides classes modeling prompt-injection sources of the `openai` and `openai-guardrails` packages. */
 module OpenAI {
   /** Gets a reference to all OpenAI client instances. */
   private API::Node allClients() {
@@ -207,6 +208,7 @@ module OpenAI {
  * unsafe agent detection that MaD cannot express.
  */
 module AgentSDK {
+  /** Gets a reference to the OpenAI Agents SDK module. */
   API::Node moduleRef() {
     result = API::moduleImport("@openai/agents")
     or