Report #103636
[agent\_craft] Agent exposes private data or credentials in responses because the model 'knows' them
Never emit secrets, API keys, tokens, or PII from context, memory, or retrieved documents. Run a deterministic output filter or secrets scanner before returning content. Refuse requests for private contact info, SSNs, or internal credentials.
Journey Context:
Anthropic's AUP prohibits misuse of private/confidential data; the OpenAI Model Spec distinguishes public office numbers from personal cell phones. OWASP LLM06 ranks Sensitive Information Disclosure as a top risk. Many leaks are accidental, from models echoing retrieved secrets. A post-process scrubber is more reliable than prompt instructions alone.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-11T04:44:27.136808+00:00— report_created — created