diff --git a/app.js b/app.js
index 72bc3e8..47f46da 100644
--- a/app.js
+++ b/app.js
@@ -103,6 +103,13 @@ const ui = isHostApp ? {
     terminalOverlay: document.getElementById('cmsTerminalOverlay')
 } : {};
 
+function escapeHTML(str) {
+    return String(str).replace(/&/g, '&amp;')
+              .replace(/</g, '&lt;')
+              .replace(/>/g, '&gt;')
+              .replace(/"/g, '&quot;')
+              .replace(/'/g, '&#39;');
+}
 
 if (isHostApp) {
 
@@ -1284,7 +1291,7 @@ async function fetchRepos(installationId = null) {
         
         if (!Array.isArray(currentRepos)) {
             const errorMsg = data.message || 'Failed to fetch repositories.';
-            ui.landingRepoList.innerHTML = `<div style="grid-column: 1/-1; padding:40px; text-align:center; color:var(--text-danger)">${errorMsg}</div>`;
+            ui.landingRepoList.innerHTML = `<div style="grid-column: 1/-1; padding:40px; text-align:center; color:var(--text-danger)">${escapeHTML(errorMsg)}</div>`;
             return;
         }
 
@@ -1301,7 +1308,7 @@ async function fetchRepos(installationId = null) {
         
     } catch (err) {
         console.error('FetchRepos Error:', err);
-        ui.landingRepoList.innerHTML = `<div style="grid-column: 1/-1; padding:40px; text-align:center; color:var(--text-danger)">Connection error: ${err.message}</div>`;
+        ui.landingRepoList.innerHTML = `<div style="grid-column: 1/-1; padding:40px; text-align:center; color:var(--text-danger)">Connection error: ${escapeHTML(err.message)}</div>`;
     }
 }
 
diff --git a/build.mjs b/build.mjs
index 26ae01c..648e88c 100644
--- a/build.mjs
+++ b/build.mjs
@@ -21,7 +21,7 @@ async function build() {
     minify: true,
     sourcemap: "external",
     target: "browser",
-    external: ["/lib/*"], 
+    external: ["*"],
   });
 
   if (!result.success) {
@@ -31,12 +31,8 @@ async function build() {
 
   // 3. Copy Static Libraries
   console.log("📂 Copying libraries...");
-  const libs = await readdir("lib");
-  for (const lib of libs) {
-    const src = join("lib", lib);
-    const dest = join(DIST, "lib", lib);
-    await Bun.write(dest, Bun.file(src));
-  }
+  const { cp } = await import("node:fs/promises");
+  await cp("lib", join(DIST, "lib"), { recursive: true });
 
   // Extract the generated hashed file name from Bun's output
   const jsOutput = result.outputs.find(out => out.path.endsWith('.js'));
