imo there is not a vulnerability without demonstrating impact.
Whilst they should do the bare minimum to acknowledge the report, it's pretty much just noise.
- If the system prompt did not have sensitive information it would only be classed as informational
- self-XSS has no impact and is not accepted by bug bounty programs
- "Conversation and message IDs not verified... I did not attempt to access other users’ conversations or prove cross-user compromise" - I put this through Burp Suite and the UUIDs are not tied to a session because you can access the chatbot without logging in. Unless you can leak used UUIDs from another endpoint, a bug bounty program would not accept brute-forcing UUIDs as an issue