sparql-llm

The system employs several security measures, including `DOMPurify` for HTML sanitization in the frontend (preventing XSS), `validate_sparql_with_void` for checking generated SPARQL queries against known endpoint schemas (mitigating SPARQL injection), and environment variables for API key management. However, potential risks exist inherent to dynamic query generation and external API interactions. A sophisticated LLM jailbreak could theoretically influence the `endpoint_url` passed to `query_sparql` or craft malicious queries that bypass incomplete VoID schema validations, leading to SSRF or unintended data access on controlled endpoints. Logging of user questions and feedback (potentially sensitive information) is protected by an API key.