In lib/sandbox/agents/cursor.ts (e.g., lines 16, 21, 25 and elsewhere), dynamic values (redacted command, stdout, stderr) are passed into TaskLogger. Even with the redaction helper, any miss or partial redaction can leak sensitive data. The Gemini agent follows the same pattern (e.g., lib/sandbox/agents/gemini.ts:22, 281).
Required change:
- Replace all TaskLogger calls that include dynamic command/output content with fixed, non-variable phrases (e.g., “Command executed”, “Agent produced output”, “Agent error occurred”).
- Add tests (or a lint rule) to prevent reintroduction of dynamic content in user-facing logs.
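
One way to implement the test or lint check requested above, as an added example that is not part of the review or the project's code. It assumes the TaskLogger instance is named `logger` and exposes the methods in `LOG_METHODS`; both names are hypothetical, and the sample calls are constructed.

```typescript
// Added example. Assumptions: the TaskLogger instance is named `logger` and
// exposes the methods listed in LOG_METHODS; adjust both to the real code.
interface Finding { line: number; call: string }

const LOG_METHODS = ['info', 'error', 'success', 'command']
// One string literal and nothing else: '...', "...", or `...` without ${}.
const FIXED_LITERAL = /^(?:'(?:\\.|[^'\\\n])*'|"(?:\\.|[^"\\\n])*"|`(?:\\.|[^`\\$]|\$(?!\{))*`)$/

// Text between the "(" at `open` and its matching ")", ignoring quoted parens.
function argumentText(src: string, open: number): string {
  let depth = 0
  let quote = ''
  for (let i = open; i < src.length; i++) {
    const ch = src.charAt(i)
    if (quote) {
      if (ch === '\\') i++ // skip the escaped character
      else if (ch === quote) quote = ''
    } else if (ch === "'" || ch === '"' || ch === '`') quote = ch
    else if (ch === '(') depth++
    else if (ch === ')' && --depth === 0) return src.slice(open + 1, i)
  }
  return src.slice(open + 1) // unbalanced: treat the remainder as the argument
}

// Flag every logger call whose arguments are not a single fixed string literal.
function findDynamicLogCalls(source: string, methods: string[] = LOG_METHODS): Finding[] {
  const callStart = new RegExp(`\\blogger\\.(?:${methods.join('|')})\\s*\\(`, 'g')
  const findings: Finding[] = []
  let m: RegExpExecArray | null
  while ((m = callStart.exec(source)) !== null) {
    const args = argumentText(source, m.index + m[0].length - 1).trim()
    if (!FIXED_LITERAL.test(args)) {
      const line = source.slice(0, m.index).split('\n').length
      findings.push({ line, call: `${m[0]}${args})` })
    }
  }
  return findings
}

// Constructed sample modelled on the calls the review describes (not the real files).
const SAMPLE = [
  "await logger.command(redactedCommand)",
  "await logger.info('Command executed')",
  "await logger.info(`Agent output: ${result.stdout}`)",
  "await logger.error('Agent error occurred')",
  "await logger.error('Agent error: ' + redact(result.stderr))",
].join('\n')

console.log(findDynamicLogCalls(SAMPLE)) // reports lines 1, 3 and 5
```

Run over the agent sources in a unit test, a non-empty result fails the build, so a redacted-but-dynamic argument cannot be reintroduced unnoticed.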