This is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is.
Post
ToxSec
toxsec.bsky.social
did:plc:wtepcxibyxuluhc2453nor2n
prompt injection in code review.
CVE-2025-6945 lets an authenticated user smuggle malicious prompts in merge requests so Duo leaks data or misbehaves during “helpful” review.
It is the OWASP LLM01:2025 playbook in real life, now living in your CI pipeline where nobody reads the warnings anyway.
#ai
2025-11-24T05:39:48.534Z