The Problem
AI agents are being deployed at scale — in customer support, code generation, data analysis, and autonomous workflows. But the code that powers these agents is rarely security-audited.
Consider this pattern, common in production agent codebases:
user_input = request.json()["prompt"]
prompt = f"You are a helpful assistant. {user_input}"






