As enterprises adopt GenAI, LLM chatbots are becoming core user interfaces—but they introduce hidden security risks. Our research reveals how a known vulnerability in Jinja2, used with Flask, can be exploited through prompt injection to achieve remote code execution and reverse shell access. This highlights a broader class of application-layer vulnerabilities in GenAI stacks. Nestria helps enterprises detect and defend against these AI-native threats before they’re exploited.