Skip to content

feat: add current date and time to system instructions in the sample travel app#713

Open
juan-vgv wants to merge 1 commit intoflutter:mainfrom
juan-vgv:main
Open

feat: add current date and time to system instructions in the sample travel app#713
juan-vgv wants to merge 1 commit intoflutter:mainfrom
juan-vgv:main

Conversation

@juan-vgv
Copy link

@juan-vgv juan-vgv commented Feb 12, 2026
edited
Loading

Description

Add current date and time to the system instructions in the sample travel app.

This provides the LLM with relevant context when processing user messages with relative date / time information such "Show me available options for a family trip to London next Easter".

Noticed this when running the app and the LLM was returning dates set in 2024.

Pre-launch Checklist

If you need help, consider asking for advice on the #hackers-devrel channel on Discord.

gemini-code-assist[bot]
gemini-code-assist bot reviewed Feb 12, 2026
View reviewed changes
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request adds the current date and time to the system prompt to provide the LLM with better context for relative date queries. While this is a good feature, a high-severity Prompt Injection vulnerability has been identified where user input is sent to the LLM without sanitization, potentially allowing attackers to override instructions. Additionally, the current date implementation determines the date only once at app startup, which can lead to stale date information in long-running sessions.

examples/travel_app/lib/src/travel_planner_page.dart

final prompt =
'''
Today is ${DateTime.timestamp()}
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot Feb 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security-high high

This line is part of a broader context vulnerable to Prompt Injection. User-provided input from the chat is passed directly to the LLM without sanitization (see _sendPrompt and _triggerInference), allowing attackers to override instructions. Remediation includes implementing input sanitization on user-provided text and considering instruction defense. Furthermore, the prompt is a final top-level variable, causing DateTime.timestamp() to be evaluated only once. This means the date can become stale in long-running app sessions, potentially leading to incorrect responses for relative date queries. Consider changing prompt to a getter to ensure the date is fresh if the widget state is recreated.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@juan-vgv