A 56,000-Star AI App Shipped With a Textbook SQL Injection Flaw

A 56,000-star LLM app ships with raw string concatenation in its database connector. I found it, reported it, got the CVE. Here is the whole story and why it matters beyond the bug.