✓ What Improper Output Handling is — in plain English and in OWASP’s definition
✓ Why LLM output must be treated as untrusted — the same as user input
✓ How LLM05 differs from Prompt Injection (LLM01) and why both matter
✓ 4 attack patterns: XSS, Code Injection/RCE, SQL Injection, SSRF & Path Traversal
✓ CVE-2023-29374 (LangChain, CVSS 9.8) — exec() on LLM output = RCE
✓ CVE-2024-5565 (Vanna.AI, CVSS 9.2) — text-to-SQL + exec() = full host compromise
✓ ChatGPT plugin XSS (Imperva, 2023) — innerHTML on LLM output = session theft
✓ All 4 OWASP official scenarios, retold concretely with real attack mechanics
✓ 7 mitigation categories: zero-trust output, encoding, parameterized queries, sandboxes, structured output, CSP, least privilege