Summary
The source file src/utils/sanitize.ts contains a fully implemented looksLikePromptInjection() function (L170-L243) with comprehensive pattern matching for jailbreak payloads. The function is called at L153 in shouldExtractL1().
However, in the published dist/index.mjs (v0.3.6), neither the function nor the call exists. Because the call at L153 is commented out in the source, the function has no remaining references and the bundler tree-shakes it away.
Impact
v0.3.6 has no prompt injection detection at the L1 extraction gate. Any conversation content, including explicit jailbreak payloads, will pass shouldExtractL1() and be persisted as structured L1 memory. When that memory is recalled in a later session, the injected content enters the system prompt context.
Evidence
Source (src/utils/sanitize.ts):
Published dist (dist/index.mjs):
The shouldExtractL1() function in the bundle (L8451) only checks for empty text, symbolic-only strings, and question marks; it performs no injection detection whatsoever.
Suggested Fix
Uncomment L153 in src/utils/sanitize.ts:
This is a one-line change. The function body is already complete and covers English and Chinese injection patterns.
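As an added illustration (not the project's code), the following shows the shape of an L1 gate with the injection heuristic wired in front of persistence, together with the kind of regression test that would have caught the missing call. The helper names, the three baseline checks and the small pattern list are assumptions constructed for this example, not the patterns in src/utils/sanitize.ts.

```typescript
// Constructed illustration of an L1 extraction gate (not the project's code).
// A short, assumed list of English/Chinese injection markers; the real
// looksLikePromptInjection() in sanitize.ts has a far larger pattern set.
const INJECTION_PATTERNS: RegExp[] = [
  /ignore\s+(all\s+)?(previous|prior|above)\s+instructions/i,
  /disregard\s+(all\s+)?(previous|prior|above)\s+instructions/i,
  /system\s*prompt\s*[:：]/i,
  /忽略(之前|以上|所有)的?指令/,
];

function looksLikePromptInjection(text: string): boolean {
  return INJECTION_PATTERNS.some((re) => re.test(text));
}

// The three checks the issue reports as the only ones present in the
// v0.3.6 bundle (assumed implementations for illustration).
function isEmpty(text: string): boolean {
  return text.trim().length === 0;
}

function isSymbolicOnly(text: string): boolean {
  // No Latin letters, digits or CJK characters at all.
  return !/[A-Za-z0-9\u4e00-\u9fff]/.test(text);
}

function isQuestion(text: string): boolean {
  return /[?？]$/.test(text.trim());
}

// The gate with the injection check in place. If this call is removed or
// commented out, looksLikePromptInjection() has no references and a
// tree-shaking bundler silently drops it from the published output.
function shouldExtractL1(text: string): boolean {
  if (isEmpty(text) || isSymbolicOnly(text) || isQuestion(text)) return false;
  if (looksLikePromptInjection(text)) return false;
  return true;
}
```

A unit test asserting that a known injection string is rejected by shouldExtractL1() would fail against the v0.3.6 bundle, which is the cheapest guard against this regression recurring.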