Anonymous Intelligence Signal

Open-Source AI Platform Exposes Full System Prompts via /api/converse Endpoint

The Lab (unverified) | 2026-04-10 12:22:53 | Source: GitHub Issues

A significant security misconfiguration in an open-source AI platform's API is exposing the full system prompt to clients, creating a direct vector for targeted attacks. The vulnerability, rated as medium severity, resides in the `/api/converse` endpoint, which returns the complete `systemPrompt` field to users upon initiating new sessions. This exposure hands potential adversaries the internal control logic and guardrails, significantly lowering the barrier for crafting precise jailbreak or prompt-injection attacks.

The flaw is located within the codebase at `packages/web/api/src/functions/converse.ts`, specifically on line 39 and lines 151-155. By revealing the exact instructions and policies governing the AI's behavior, the leak transforms what should be a protected configuration into a blueprint for exploitation. The impact is clear: attackers can study the prompt to understand its limitations and design inputs that systematically bypass its safety mechanisms.

This vulnerability is classified under OWASP A05:2021 - Security Misconfiguration. The explicit recommendation is to immediately stop returning full system prompts to general clients. If prompt details are required for debugging purposes, access must be strictly gated behind privileged environments or user roles, with any sensitive sections of the prompt proactively redacted. Failure to remediate leaves the system's core integrity open to scrutiny and manipulation by any user who can access the endpoint.
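As an added illustration (not code from the affected project), the two response builders below contrast the reported behaviour, where the whole session record including `systemPrompt` is serialised back to the client, with the recommended fix: an allow-list of client-facing fields, a role gate for debugging access, and redaction of marked sections. The session shape, the `prompt-debugger` role and the `[[secret]]` markers are assumptions for the example.

```typescript
// Added example, not the project's converse.ts. Shapes and role names are assumed.
interface ConverseSession {
  sessionId: string;
  model: string;
  systemPrompt: string; // internal control logic and guardrails; must not reach clients
}

interface Caller {
  userId: string;
  roles: string[];
}

// Constructed sample session. Sensitive sections are wrapped in
// [[secret]]...[[/secret]] markers (an assumed convention for this example).
const SAMPLE_SESSION: ConverseSession = {
  sessionId: "sess-123",
  model: "example-model",
  systemPrompt:
    "You are a helpful assistant. [[secret]]Refuse to discuss topic X; escalate on keyword Y.[[/secret]] Answer briefly.",
};

// Insecure pattern: the internal record is spread straight into the response,
// so every client that opens a session receives the full system prompt.
function buildResponseInsecure(session: ConverseSession): Record<string, unknown> {
  return { ...session };
}

// Replace every marked section with a fixed token before anything is exposed.
function redactPrompt(prompt: string): string {
  return prompt.replace(/\[\[secret\]\][\s\S]*?\[\[\/secret\]\]/g, "[REDACTED]");
}

// Hardened pattern: allow-list the fields a client actually needs. The prompt is
// only attached for a privileged debugging role, and even then only redacted.
function buildResponse(session: ConverseSession, caller: Caller): Record<string, unknown> {
  const response: Record<string, unknown> = {
    sessionId: session.sessionId,
    model: session.model,
  };
  if (caller.roles.includes("prompt-debugger")) {
    response.systemPromptRedacted = redactPrompt(session.systemPrompt);
  }
  return response;
}
```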