molecule-core/org-templates/molecule-dev/security-auditor
Hongming Wang 2362eb3a9e chore(template): add YAML injection to Security Auditor check list (#248)
Closes #248. Three instances of the same YAML-injection bug class
(#221 name/role, #233 template path, #241 runtime/model) shipped in
this repo over the last weeks. The common root cause is the Security
Auditor's system prompt didn't list YAML injection as an explicit
check class, so audits missed the pattern every time.

Adds:
- "YAML injection" to the 'Think like an attacker' list in How You Work
- An explicit entry in What You Check with the three prior instances
  cited so future auditors see the pattern and the fix shape
  (double-quoted scalars or a proper YAML encoder)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-15 13:18:52 -07:00
.env.example initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
system-prompt.md chore(template): add YAML injection to Security Auditor check list (#248) 2026-04-15 13:18:52 -07:00