Receipt · 50084e99-1
Detailed server error messages leaked to clients
security · medium · closed in 4b9b492 · closed in 1 hour
repo 6f7fc663 · PR #1 · reviewed 2 days ago · 2 days ago
The finding
- dashboard/app/api/skills/[name]/run/route.ts:39-41
The handler returns error.message to clients. Child process and environment-related errors can expose internal paths, CLI diagnostics, or configuration details, aiding attackers.
Fix
Return a generic error message to clients and log detailed errors server-side. Map known errors to safe, user-friendly messages as needed.
Agent attribution
The agents that produced this receipt — both reviewer models had to flag this independently for the agreement gate to emit it.
anthropic
gpt-5
43.7s · error
openai
claude-opus-4-7
58.6s · error
Total
wall-clock review time · est. inference cost
58.6s · $0.40
Sweeper
closed at SHA 4b9b492
closed in 1 hour
internal review id · 50084e99
Third-party witnesses
Everything below lives on GitHub's event log, not ours. Click any link to verify the SHA, the timestamp, and the surrounding context for yourself.
Closure receipt comment
https://github.com/AntFleet/aeon-bench/pull/1#issuecomment-4476008423
Original review comment
https://github.com/AntFleet/aeon-bench/pull/1#issuecomment-4475345067
The pull request
https://github.com/AntFleet/aeon-bench/pull/1