Observability & Monitoring
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH DATA_EXFILTRATION
Full Analysis
- [Data Exposure] (LOW): The health check logic in 'templates/health-checks.ts' captures and returns raw error messages ('(error as Error).message') in the JSON response. This practice can leak internal system details, such as database connection strings, table structures, or stack trace information, to end-users or external attackers.
- [Data Exposure] (LOW): The logging middleware in 'templates/structured-logging.ts' logs the entire 'req.query' object. This can lead to the accidental persistence of sensitive information (e.g., API keys, authentication tokens, or PII) in application logs if they are transmitted via URL parameters.
- [False Positive] (INFO): The automated URLite scanner alert for 'logger.info' is a false positive. The scanner misidentified a standard JavaScript method invocation as a blacklisted URL.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata