Insecure Output Handling

A model's output is untrusted input to whatever consumes it next. The app trusts it because "we generated it" — but the model is steerable by the user, so its output is attacker-influenceable. Render it with innerHTML and you have XSS; concatenate it into a shell command and you have RCE. The classic web bugs come back, laundered through a component everyone treats as trusted.
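The two sinks named above, each in its vulnerable and hardened form, as an added example that is not code from the original page; the model reply is constructed, and `renderUnsafe`, `renderSafe`, `buildCommandUnsafe` and `buildCommandSafe` are names chosen here.

```javascript
// Added example, not from the original page. A constructed model reply that a
// user has steered to carry both HTML markup and a shell command separator.
const MODEL_REPLY =
  'Here is your summary: <img src=x onerror="alert(document.cookie)"> ; id';

// --- Browser sink (XSS) ---------------------------------------------------
// Vulnerable: the reply is treated as markup, which is exactly what
// `el.innerHTML = renderUnsafe(reply)` would do in a page.
function renderUnsafe(reply) {
  return `<div class="answer">${reply}</div>`;
}

// Escape the five HTML-significant characters so the reply becomes inert text.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened: the same reply rendered as text, the equivalent of
// `el.textContent = reply`. The <img> survives only as visible characters.
function renderSafe(reply) {
  return `<div class="answer">${escapeHtml(reply)}</div>`;
}

// --- Shell sink (RCE) -----------------------------------------------------
// Vulnerable: the reply is spliced into a command line that a shell parses,
// so the `;` inside it ends the intended command and starts another one.
function buildCommandUnsafe(reply) {
  return `echo ${reply} | wc -w`; // would be handed to child_process.exec
}

// Hardened: no shell is involved. The reply travels as stdin and the program
// plus its argv are fixed, the shape child_process.execFile / spawn accept.
function buildCommandSafe(reply) {
  return { file: 'wc', args: ['-w'], input: reply };
}
```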
