1. Prompt Injection Flaw in Nester's Prometheus Service Exposes Financial Advisory AI to Manipulation via Unsanitized User Parameters
A prompt injection vulnerability has been identified in WhisperX's internal AI service infrastructure, specifically within `apps/intelligence/app/services/prometheus.py`. The flaw allows an attacker to manipulate LLM-generated responses by injecting arbitrary instructions through unsanitized `userId` and `vaultId` quer...