movieRecsBot

The application handles sensitive data (database credentials, API keys) via environment variables and Docker secrets, which is a good practice. Database interactions use parameterized queries, mitigating SQL injection risks. The admin bootstrap endpoint for IMDb data loading is protected by a configurable token. LLM interaction for language detection and translation uses a structured prompt format to extract JSON, and content from LLMs is sanitized before being displayed, reducing risks of cross-site scripting in Telegram. Default placeholder passwords are explicitly marked (`changeme`) and the setup script encourages overriding them. No 'eval' or similar dynamic code execution on user input was identified. Inherent risks related to LLM prompt injection exist due to user-provided text being part of prompts, though the system attempts to guide LLM responses into structured formats.