AI Agent Privacy Notice#21
Conversation
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Reviewed by Cursor Bugbot for commit 976076e.
Spam promotional content injected into project README
High Severity
This PR injects promotional/advertising content for an external service (CodeAstra.dev) into the project's README.md, displacing the actual project documentation from the top of the file. The added content is unsolicited marketing material disguised as a "privacy notice" generated by a third-party tool ("Astra Sentinel") and provides no functional value to the repository. It degrades documentation quality and promotes an unrelated commercial product.


Secure your agents at: CodeAstra.dev
AI Agent Privacy Risk
This PR adds a short README notice about a possible privacy pattern found in this project.
The concern is not an API key leak. The concern is that sensitive user, customer, or patient data may be passed directly into an AI agent / LLM context.
When this happens, the agent may see data it does not need to know in order to complete the task.
Safer pattern:
John Smith -> [CVT:NAME:user_name]
john@email.com -> [CVT:EMAIL:user_email]
04/12/1988 -> [CVT:DOB:user_dob]
The agent can still reason and perform the workflow, while the real values stay protected and are only re-injected during approved execution.
File scanned: app.py
Findings:
[ { "pattern": "unprotected_ai_context", "evidence": "chatopenai(model='gpt-4.1-nano', api_key=os.getenv('openai_api_key')).with_config({'tags': ['streaming']})" } ]
Please review before merging. If this is not applicable, feel free to close this PR.
Secure your agents at: CodeAstra.dev
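Added example, not code from this PR, from CodeAstra, or from the project: a minimal tokenize/detokenize pair in the [CVT:TYPE:name] placeholder style the notice describes, plus a guard to run before the model call. The detection rules (email and dd/mm/yyyy regexes, a caller-supplied list of known names) and the vault structure are assumptions made for this example, not the scanner's logic.

```python
import re

# Constructed detection rules for this example (not the scanner's own logic):
# emails and dd/mm/yyyy dates by regex, person names from a caller-supplied list.
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
DOB_RE = re.compile(r"\b\d{2}/\d{2}/\d{4}\b")
PLACEHOLDER_RE = re.compile(r"\[CVT:[A-Z]+:[a-z0-9_]+\]")


def tokenize(text, known_names=()):
    """Replace sensitive values with [CVT:TYPE:name] placeholders.

    Returns (redacted_text, vault); the vault maps each placeholder back to
    the real value and must stay outside the agent's context."""
    vault = {}
    counters = {}

    def placeholder(kind, label, value):
        # Reuse the placeholder for a repeated value so the agent sees a
        # consistent token; number additional distinct values of the same kind.
        for ph, real in vault.items():
            if real == value and ph.startswith(f"[CVT:{kind}:"):
                return ph
        n = counters[kind] = counters.get(kind, 0) + 1
        ph = f"[CVT:{kind}:{label}]" if n == 1 else f"[CVT:{kind}:{label}_{n}]"
        vault[ph] = value
        return ph

    # Emails first, so a known name that is also an email local part is not
    # replaced inside the address.
    text = EMAIL_RE.sub(lambda m: placeholder("EMAIL", "user_email", m.group(0)), text)
    text = DOB_RE.sub(lambda m: placeholder("DOB", "user_dob", m.group(0)), text)
    for name in known_names:
        if name in text:
            text = text.replace(name, placeholder("NAME", "user_name", name))
    return text, vault


def has_raw_pii(text):
    """Guard to run right before the LLM call: True if an email or DOB survived."""
    return bool(EMAIL_RE.search(text) or DOB_RE.search(text))


def detokenize(text, vault, approved=False):
    """Re-inject real values only for approved execution; otherwise the
    agent's output keeps the placeholders."""
    if not approved:
        return text
    return PLACEHOLDER_RE.sub(lambda m: vault.get(m.group(0), m.group(0)), text)
```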
Note
Low Risk
Low risk documentation-only change; no code or runtime behavior is modified.
Overview
Adds an AI Agent Privacy Notice to the top of README.md, warning about passing raw sensitive data into LLM context and recommending tokenization (e.g., [CVT:...]) plus an example scan finding/evidence snippet.