Build a Prompt-Injection Regression Fixture for CodeQL 2.26.0 GitHub announced CodeQL 2.26.0, which adds AI prompt-injection detection. A developer provided implementation templates for building a regression fixture to test prompt-injection detection, including positive and negative test cases and expected alert configurations. The fixture ensures that untrusted-to-model paths are tracked as executable repository contracts rather than just changelog items. GitHub announced on July 10, 2026 that CodeQL 2.26.0 adds AI prompt-injection detection. Enabling a query is useful; owning a regression test is better. Primary source: GitHub Changelog, July 10, 2026 https://github.blog/changelog/2026-07-10-codeql-2-26-0-adds-kotlin-2-4-0-support-and-ai-prompt-injection-detection/ . The examples below are implementation templates, not results from a repository I tested. A useful fixture contains an untrusted source, prompt construction, and a model sink: security-fixtures/prompt-injection/ ├── positive/direct-flow.ts ├── positive/helper-flow.ts ├── negative/trusted-instruction.ts └── expected-alerts.json Do not test for the literal phrase ignore previous instructions . Static analysis needs a data-flow path. Preserve a supported SDK call from your production stack so CodeQL can recognize the sink. js // Intentionally vulnerable fixture. Never ship this path. import { model } from "./supported-client"; declare function loadIssueBody id: number : Promise