Security Audit Report — 2 low-severity findings (AgentAudit)

[starbuck100]

🔒 AgentAudit Security Report

Package: aci | Result: ✅ Safe (risk score: 6/100) | Commit: 6e1e651

Full report: https://agentaudit.dev/skills/aci

---

Finding 1 — MEDIUM: Sentry send_default_pii sends API keys and session data to third party

• File: backend/aci/server/sentry.py:12
• Pattern: INFO_LEAK_001
• Confidence: high

send_default_pii=True in non-local environments causes Sentry to collect and transmit request headers (including X-API-KEY), cookies (session tokens), and client IP addresses to Sentry servers.

Remediation: Set send_default_pii=False and use a before_send callback to scrub sensitive headers (X-API-KEY, Cookie) before sending events to Sentry.

---

Finding 2 — LOW: Function execution input logged at INFO level may contain sensitive user data

• File: backend/aci/server/function_executors/base_executor.py:43
• Pattern: INFO_LEAK_002
• Confidence: medium

function_input dict is logged at INFO level and may contain sensitive data (passwords, API keys, personal info) passed by users through tool calls.

Remediation: Redact or mask sensitive fields in function_input before logging using a scrubbing utility.

---

This report was generated by AgentAudit — automated security auditing for AI packages.