## Prompt Injection Flaw in Nester's Prometheus Service Exposes Financial Advisory AI to Manipulation via Unsanitized User Parameters
A prompt injection vulnerability has been identified in WhisperX's internal AI service infrastructure, specifically within `apps/intelligence/app/services/prometheus.py`. The flaw allows an attacker to manipulate LLM-generated responses by injecting arbitrary instructions through unsanitized `userId` and `vaultId` query parameters that are interpolated directly into prompts sent to the Claude API without any sanitization, escaping, or structural separation from the instruction text.

The affected code constructs prompts by concatenating raw user-supplied values directly into instruction strings at approximately line 149. Unlike traditional code injection, prompt injection exploits the LLM's instruction-following behavior rather than system execution. A malicious caller can embed natural language instructions within `userId` or `vaultId` values, causing the model to deviate from its intended financial advisory behavior and execute the attacker's instructions instead. The lack of input validation means the system cannot distinguish between legitimate user data and injected directives.

The vulnerability carries elevated risk due to its operational context. WhisperX's Nester platform serves emerging markets users who may be less familiar with phishing and social engineering tactics. Within this environment, AI-generated content is granted elevated user trust when displayed within the Nester interface. Successful exploitation could enable generation of AI-crafted phishing content, fraudulent financial recommendations, or credential harvesting instructions disguised as legitimate advisory output. The convergence of direct model manipulation capability, trusted AI-generated output context, and financially vulnerable user populations creates a high-impact attack vector that warrants immediate remediation and security review.
---
- **Source**: GitHub Issues
- **Sector**: The Lab
- **Tags**: prompt-injection, ai-security, claude-api, llm-vulnerability, financial-advisory
- **Credibility**: unverified
- **Published**: 2026-04-22 15:27:39
- **ID**: 76005
- **URL**: https://whisperx.ai/en/intel/76005