Full-stack developer focused on Buddhist digital humanities and AI security — building open-source tools that make ancient texts accessible to modern researchers, and securing LLM applications.
-
FoJin 佛津
— The world's encyclopedic Buddhist digital text platform. 500+ sources, 30 languages, full-text reading, AI Q&A, knowledge graph, parallel reader. FastAPI + React + Elasticsearch.
-
Buddhist AI Translator
— AI translation for Buddhist texts across Sanskrit, Pali, Tibetan, and Classical Chinese.
-
llm-seclint
— Static security linter for LLM-powered applications. The Bandit for the AI era.
Merged
| Project | Stars | PR | Description |
|---|---|---|---|
| trailofbits/skills |  |
#130 | docs(aflpp): add opinionated environment variables guide |
| buddhist-uni |  |
#636 | Added Node.js unit tests for core JavaScript utilities |
| Dify |  |
#33769 | fix: remove legacy z-index overrides on model config popup |
| Dify | #33767 | fix(tests): correct keyword arguments in tool provider test constructors | |
| buddhist-uni | |
#637 | Split search_index.js into pure JS logic and Liquid data template |
| LiteLLM |  |
#24070 | fix: thinking blocks dropped when thinking field is null |
| gstack |  |
#128 | fix: eliminate duplicate command sets in chain, improve flush perf |
| buddhist-uni | #634 | Add help text to Archive.org borrowable links | |
| SurfSense |  |
#886 | fix: use asyncio.to_thread for embedding calls in search endpoints |
In Review
| Project | Stars | PR | Description |
|---|---|---|---|
| AutoGen |  |
#7466 | fix(security): sanitize page title to prevent prompt injection |
| AutoGen | #7467 | fix(security): upgrade LocalCommandLineCodeExecutor warning | |
| MCP python-sdk |  |
#2351 | fix(security): remove shell=True to prevent command injection |
| crewAI |  |
#5104 | fix(security): replace eval() with safe parsing in template |
| LiteLLM | |
#24543 | fix(security): migrate PyPI publishing to Trusted Publishers (OIDC) |
| Dify | |
#33986 | fix: constant-time API key comparison + prevent IDOR |
| vllm |  |
#37939 | fix(security): replace eval() with safe math in tool examples |
| LiteLLM | #24458 | fix(security): use Jinja2 SandboxedEnvironment to prevent SSTI | |
| LiteLLM | #24455 | fix(security): add AST validation for custom code exec() | |
| LiteLLM | #24346 | fix(security): fix prompt injection detection — async heuristics | |
| crewAI | |
#5005 | fix(security): prevent XXE attacks with defusedxml |
| MCP Servers |  |
#3663 | fix(sqlite): prevent SQL injection in describe_table |
| FastChat |  |
#3820 | fix(security): sanitize HTML to prevent XSS injection |
| Streamlit |  |
#14450 | feat: show hex color indicators in inline code |
| gstack | |
#167 | fix: validate navigation URLs to prevent SSRF |
If you're interested in Buddhist studies, digital humanities, or NLP for historical texts — open an issue or start a discussion on any of my repos.