LLM05
Improper Output Handling
Downstream systems blindly trust LLM output, enabling XSS, SSRF, code injection, or command execution vulnerabilities.
1 write-ups, 1 labs, 1 demos, 2 tools
LLM05 | intermediate | high
How unsanitized LLM output rendered as HTML can lead to cross-site scripting, stored XSS, and downstream code injection.
XSS, output-handling, markdown, injection