Add missing system/user prompt-injection sinks across the OpenAI,
Anthropic, and Google GenAI JavaScript models:
- OpenAI videos.create/edit/extend/remix prompts (user)
- OpenAI beta.realtime.sessions.create instructions (system)
- Anthropic legacy completions.create prompt (user)
- Google GenAI caches.create config.systemInstruction (system)
- Google GenAI caches.create config.contents (user)
Also reclassify the OpenAI legacy completions.create prompt from
system-prompt-injection to user-prompt-injection: the legacy
/v1/completions endpoint takes a single free-form prompt with no role
separation, so it is the text-in/text-out equivalent of a user message.
Note: videos.remix takes the prompt in Argument[1] (remix(videoID, body)),
and Google GenAI caches.create nests both contents and systemInstruction
under config, so the model entries differ slightly from a naive mapping.
Add corresponding test cases with inline annotations and regenerate the
.expected files.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2. Add annotations for sources
2. Fix a modelling issue in the openai library - missing coverage for a legacy method when moving to MaDs and a mistake in the assistants.create models
Update the alert message to "This system prompt depends on a $@." matching the SQL injection query style, and move the test out of experimental into Security/CWE-1427 to mirror the stable query location.
Move UserPromptInjection out of experimental into stable JavaScript security locations.
Set js/user-prompt-injection precision to low and remove experimental tagging.
Move supporting dataflow libraries, qhelp/examples, and tests to stable paths and update references.
