P0: Close FIM instruction injection vector

## Source
ChatGPT security review feedback

## Problem

FIM prompt construction concatenates user-controlled "instruction" text directly into the prompt body. This allows instruction injection — a malicious instruction containing FIM tokens, delimiter tokens, or "ignore previous" patterns could alter the prompt structure.

## Fix

- Don't concatenate instruction inside the FIM prompt body
- Keep FIM strictly prefix/suffix
- Put instruction in a separate system/developer message or sanitize it as metadata
- Add test case: instruction includes FIM tokens / delimiter tokens / "ignore previous" → ensure it cannot change prompt structure

## Relevant Code
- `src/tools/fim.rs`

## Priority
P0 — security vector

## Labels
security, P0

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

P0: Close FIM instruction injection vector #62

Source

Problem

Fix

Relevant Code

Priority

Labels

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

P0: Close FIM instruction injection vector #62

Description

Source

Problem

Fix

Relevant Code

Priority

Labels

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions