CodeQL’s System Prompt Injection Query Is a Useful Start
CodeQL 2.26 can trace untrusted values into JavaScript and TypeScript system prompts, turning one AI security risk into something code review can see.
wade womersley – york based software engineer
Engineering notes from the sharp end
wade womersley – york based software engineer I write the way I work: direct, useful, and more interested in what holds up in production than what sounds clever on a slide.
263 published posts
Latest update
Latest post
CodeQL 2.26 can trace untrusted values into JavaScript and TypeScript system prompts, turning one AI security risk into something code review can see.
Archive
GitHub Models closes on July 30, with brownouts first, so this is a migration deadline rather than a product update to read later.
PHP 8.6 Alpha 1 is not for production, but it is exactly when framework, library, and platform teams should begin compatibility testing.
GPT-5.6’s Sol, Terra, and Luna tiers make model choice a practical cost decision instead of a hunt for one universal default.
Android developer verification should be treated like release infrastructure, especially for teams distributing outside Google Play.
Jetpack Compose 1.11’s testing changes are worth planning for because timing assumptions can quietly break mobile test suites.
Android Studio agent skills matter because coding agents need durable project knowledge, not repeated prompt folklore.
A good meme does not need to be clever. It just needs enough people to commit to the bit.
Android Studio’s Gemma 4 support matters because local coding agents change the trust model for mobile teams.
C# 14’s field keyword reduces boilerplate in validation-heavy properties without turning ordinary property code into magic.