From e921eda0a01bb53f67d1ac6cb34d099baf3c1476 Mon Sep 17 00:00:00 2001
From: m3taversal
Date: Sat, 21 Mar 2026 15:29:46 +0000
Subject: [PATCH] epimetheus: sanitize learnings before prompt injection (Ganymede review)
Learnings file content now passes through sanitize_message() before injection into the Opus prompt. Prevents prompt injection via crafted "corrections."
Rio UUID 5551F5AF confirmed as current Teleo v4 Rio.
Pentagon-Agent: Epimetheus <3D35839A-7722-4740-B93D-51157F7D5E70>
---
telegram/bot.py | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/telegram/bot.py b/telegram/bot.py
index c91160a..0a34dad 100644
--- a/telegram/bot.py
+++ b/telegram/bot.py
@@ -202,9 +202,10 @@ def _git_commit_archive(archive_path, filename: str):
 def _load_learnings() -> str:
-    """Load Rio's learnings file for prompt injection."""
+    """Load Rio's learnings file for prompt injection. Sanitized (Ganymede: prompt injection risk)."""
     try:
-        return Path(LEARNINGS_FILE).read_text()[:3000] # Cap at 3K chars for prompt budget
+        raw = Path(LEARNINGS_FILE).read_text()[:3000]
+        return sanitize_message(raw) # Same sanitization as user messages
     except Exception:
         return ""
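Review bot: The prompt-budget cap is applied before sanitization on the new `raw = Path(LEARNINGS_FILE).read_text()[:3000]` line, so if `sanitize_message()` escapes or expands characters the 3K-character budget that the dropped comment documented is no longer guaranteed, and nothing in this hunk establishes that a filter written for short user messages is adequate for a 3000-character file whose content the model is meant to treat as instructions. The pre-existing `except Exception: return ""` now also swallows any failure raised inside `sanitize_message()`, so a sanitizer bug would silently drop the learnings instead of surfacing. I would keep the budget comment and state what the sanitizer does and does not provide, e.g. `raw = Path(LEARNINGS_FILE).read_text()[:3000]  # cap at 3K chars for prompt budget` and `return sanitize_message(raw)  # same filtering as user input; the content is still untrusted data, not instructions`, and log the exception in the except branch before returning the empty string. The function appears to be complete within the hunk, although the hunk header counts three more lines than are visible, so some context lines were likely lost when the patch was collapsed; `sanitize_message` and `LEARNINGS_FILE` are defined outside it.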