Disagreement · 6084d1ea-anthropic-6

Error message from gh is forwarded verbatim to clients, potentially leaking environment details

solo Opus

repo 6f7fc663·PR #3·reviewed 1 week ago

Opus finding

Error message from gh is forwarded verbatim to clients, potentially leaking environment details

lowsecuritymedium

dashboard/app/api/secrets/route.ts:101-104
dashboard/app/api/secrets/route.ts:117-119

Node's child_process errors include the full command line in `error.message`. For POST that means the secret `value` will be echoed back in the error body (e.g., `Command failed: gh secret set FOO -b <plaintext>`), leaking the secret to the response and any logs that capture it. Combined with the argv-leak issue above, a failed set call can return the plaintext secret to the caller.

Recommendation

Do not forward `error.message` from child_process errors. Return a generic 'Failed to set secret' and log details server-side after redacting argv.

Other reviewer

The other reviewer flagged nothing in this file/line range.

Why this didn't post

This finding didn't meet AntFleet's unanimous agreement threshold. Both frontier models review every PR independently; only findings they both flag with the same severity and category are posted to the PR. This one fell through.

read the methodology →

From the same review

These findings passed the unanimous gate on the same PR review. The disagreement above was filtered out; the findings below were posted.

← back to all disagreements view public receipts see unanimous findings + anatomies →

Tweet ↗