Skip to content
Wade Womersley

wade.one

wade womersley – york based software engineer

  • Home
  • 2026
  • July
  • 15
  • CodeQL’s System Prompt Injection Query Is a Useful Start

CodeQL’s System Prompt Injection Query Is a Useful Start

Posted on July 15, 2026 By
AI, Programming

Prompt injection is often discussed as if it lives entirely inside mysterious model behaviour. Some of it is much more ordinary than that: untrusted input flows into a privileged instruction, and the application gives the result too much authority. That is exactly the sort of path static analysis should help expose.

CodeQL 2.26.0 adds a JavaScript and TypeScript query for system prompt injection. It looks for user-controlled values reaching system prompts and expands support for sinks in OpenAI, Anthropic, and Google GenAI APIs. GitHub code scanning users on github.com receive the new version automatically.

This will not solve prompt injection by itself. An application can still assemble a technically clean prompt and then hand the model a dangerous tool, trust retrieved content too much, or skip approval around a destructive action. But a warning that says “this request value reaches your system instruction” is concrete. It can sit beside SQL injection and unsafe deserialisation findings in the normal review flow instead of being left for an AI security workshop nobody has time to attend.

I like this direction because it makes AI application security look more like application security. Trace the data, identify the trust boundary, reduce authority, and test the failure. The model is new; most of the engineering discipline is not.

Share:

  • Share on Facebook (Opens in new window) Facebook
  • Share on X (Opens in new window) X
  • Share on Tumblr (Opens in new window) Tumblr
  • Share on Pinterest (Opens in new window) Pinterest
  • Share on LinkedIn (Opens in new window) LinkedIn
  • Share on Reddit (Opens in new window) Reddit

Related

Comments

comments

Tags: ai application-security codeql prompt-injection

Post navigation

❮ Previous Post: GitHub Models Is Shutting Down on July 30

You may also like

Programming
How I Decide When an API Needs Versioning
April 16, 2026
Programming
Reset MySQL root password if you forgot it #mysql
April 12, 2010
PHP
PHP 8.5 Deprecations Are a Good Upgrade Checklist
May 30, 2026
AI
Codex Moving Beyond Code Is the Interesting Part
April 25, 2026
  • AI
  • artificial intelligence
  • Ego-centric
  • Events
  • Films
  • Food
  • Gaming
  • Gym
  • Hardware
  • Holidays
  • News
  • PHP
  • Programming
  • Random Stuff
  • Reviews
  • Science
  • SEO
  • Software
  • Software Engineer
  • Support
  • Uncategorized
  • Work

Copyright © 2026 wade.one.

Theme: Oceanly News Dark by ScriptsTown