
All projects which have been just open sourced are going to contain bugs. That is, until people like you find them and fix them and submit pull requests ;).

CI strips out all funky characters, so while it is possible to cause an erroneous query, I'm not seeing a security issue here.




On top of that we are all hopefully always learning. New kinds of security attacks will come along and we will have to figure out how to address them.

I would encourage you to consider trying hard to build a team around your project. In my experience open source software is hard work and really only can thrive in a community. This doesn't form magically around the software. It takes time and effort to build. If you can get good security folks in your community you can learn a lot from them.



