Untrusted user input directly used in ai prompt

The application constructs prompts for Firebase AI Logic by directly incorporating raw, unvalidated input from a user. This creates a high risk of Prompt Injection (OWASP LLM01), where an attacker can embed malicious instructions to manipulate the AI's response, potentially causing data leakage or the generation of harmful content. The client-side nature of the SDK makes this a primary concern for the app developer.