A mock LLM chat. Two OWASP-LLM bugs: (1) prompt injection / system-prompt leakage — try to override its instructions; (2) improper output handling — the model's reply is rendered as raw HTML, so LLM output becomes XSS.
Try also: <img src=x onerror=alert(document.domain)>
Detected by: bounty_llm_* (prompt injection); browser_cdp_xss_payload_inject (output→XSS)
Endpoint: POST /api/ai-summarize — hidden doc instructions get obeyed (context poisoning).