core/go-ai
8
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

security: review API key handling and prompt injection surface #1

New issue
Open
opened 2026-02-16 17:01:36 +00:00 by clotho · 0 comments
clotho commented 2026-02-16 17:01:36 +00:00
Member
Copy link

Security audit of core/go-ai. Check:

  1. API keys (Gemini, HuggingFace) are not logged or leaked in errors
  2. Prompt construction doesn't allow injection from untrusted input
  3. File paths are sanitised (no directory traversal)
  4. HTTP clients have timeouts set
  5. Temporary files are cleaned up

Post findings as a comment. Do not make code changes.

Security audit of core/go-ai. Check: 1. API keys (Gemini, HuggingFace) are not logged or leaked in errors 2. Prompt construction doesn't allow injection from untrusted input 3. File paths are sanitised (no directory traversal) 4. HTTP clients have timeouts set 5. Temporary files are cleaned up Post findings as a comment. Do not make code changes.
clotho added the
clotho
security
 labels 2026-02-16 17:01:36 +00:00
Athena was assigned by Snider 2026-02-16 17:47:44 +00:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
No results found.
Labels
Clear labels
  
athena

Assign to Athena AI agent (M3 Ultra)

  
athena-gemini

Dispatch to Gemini CLI on M3 Ultra

  
audit

Code audit task

  
clotho

Assign to Clotho AI agent for processing

  
clotho-gemini

Dispatch to Gemini CLI on darbs (AU)

  
codex

Dispatch to Codex CLI on gateway for analysis

  
darbs-claude

Dispatch to Claude on darbs (AU)

  
security

Security review task

  
wiki

Documentation/wiki update

No labels
athena
athena-gemini
audit
clotho
clotho-gemini
codex
darbs-claude
security
wiki
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
Athena
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: core/go-ai#1
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?