enterprise-deep-research

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('Stopping research from App.js');

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('[DetailsPanel - renderWebLinks] Received links:', links);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('[DetailsPanel - renderWebLinks] Generated HTML for web links (first 300 chars):', generatedHtml.substring(0, 300) + '...');

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('[DetailsPanel - generateEnhancedDetailsHtml] Processing item:', item);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('Found enriched data:', item.enrichedData);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('[DetailsPanel - generateEnhancedDetailsHtml] item.enrichedData:', item.enrichedData);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('Extracted links:', allLinks);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('[DetailsPanel - generateEnhancedDetailsHtml] Extracted links for renderWebLinks:', links);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('Found node data:', item.nodeData);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('[DetailsPanel] Rendering todo plan - version in content:', versionMatch ? versionMatch[1] : 'unknown');

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('[DetailsPanel] Parsed sections:', sections.length, sections.map(s => ({ title: s.title, taskCount: (s.content.match(/^[ ]*[-*] \[[ x~]/gm) || []).length })));

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('[DetailsPanel] Full todoPlanContent length:', todoPlanContent?.length);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log(`Processing citation ${citationNumber}`);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('Found references section:', referencesSection.substring(0, 200) + '...');

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log(`Found match with pattern:`, pattern, citationMatch);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log(`Found URL in citation line:`, urlMatch[1]);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log(`Searching entire document for citation ${citationNumber}`);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log(`Found URL near citation:`, citationUrlMatch[1]);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log(`Found URL in paragraph with citation:`, urlMatches[0]);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log(`Using URL by position:`, url);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log(`Falling back to first URL found:`, allUrls[0]);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log(`No URL found for citation ${citationNumber}`);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('Error parsing URL for title extraction:', e);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('[RESEARCH_EVENT]', event.event_type || event.type, event)

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log(`Node end: ${nodeName}`, event.data)

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log("Received research complete event:", event)

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log(`Setting shouldAutoReconnect to ${value}`);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('Manually disconnecting research event source');

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('Closing SSE connection manually');

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('Clearing stale connection timer');

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('cancelResearch called');

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log(`Requesting backend to stop research for session ${currentSessionId}`);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('Backend stop response:', data);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('Error requesting backend stop:', err);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('Canceling active reader');

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('Error canceling reader:', err);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('Clearing connection check interval');

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log(`Successfully canceled research request for "${canceledRequest}"`);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('Clearing polling interval');

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('[DEBUG] startResearch called with:', { query, provider, model, uploadedFileContent, databaseInfo });

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('[DEBUG] Stored event handlers:', { onEvent: typeof onEvent, onComplete: typeof onComplete, onError: typeof onError });

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('Cleaning up any previous sessions for fresh start...');

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('✅ Cleanup complete:', cleanupData);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('⚠️ Cleanup request failed (non-fatal):', cleanupErr);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

// console.log(`Starting research with URL: ${apiUrl}, steering: ${enableSteering}`);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log(`Research settings: extraEffort=${extraEffort}, minimumEffort=${minimumEffort}, benchmarkMode=${benchmarkMode}`);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('Ignoring duplicate request within debounce time');

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('Request already in progress, ignoring duplicate');

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log(`Cleaning up request: ${requestKey}`);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('[DEBUG] Adding database_info to request:', databaseInfo);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('[DEBUG] Converting uploaded file content array to string');

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('[DEBUG] Added uploaded_data_content to request body, length:', combinedContent.length);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('[DEBUG] Added uploaded_data_content (string) to request body, length:', uploadedFileContent.length);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('Making research request with body:', requestBody);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('Research request response:', data);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

// console.log('[STEERING] Research started with steering enabled');

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

// console.log(`[STEERING] Set current session ID: ${currentSessionId}`);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

// console.log('[STEERING] Starting plan polling for real-time updates');

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log(`Received stream URL: ${streamUrl}`);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log(`[DEBUG] connectToEventSource called with url: ${url}, onEvent handler:`, typeof onEvent);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log(`Connecting to event source: ${fullUrl}`);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log(`SSE connection opened successfully! ReadyState: ${eventSource?.readyState}`, event);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('Successfully reconnected to SSE stream.');

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('Research already complete - clearing stale connection timer');

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('Connection appears to be stale - no events in 30 seconds');

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log(`[DEBUG] processEvent called with eventType: ${eventType}, event.data:`, event.data);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log(`Received ${eventType} event with empty or undefined data`);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log(`[DEBUG] Parsed data for ${eventType}:`, parsedData);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log(`[DEBUG] Received event type: ${eventType}`, parsedData);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log(`Received array of ${parsedData.length} events for type ${eventType}`);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log(`[DEBUG] Calling onEvent for array item ${index + 1}/${parsedData.length}`);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log(`[DEBUG] Calling onEvent for single event of type ${eventType}`);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log(`[DEBUG] onEvent handler is null/undefined for event type ${eventType}`);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('Research complete event received through named listener - disabling auto-reconnect');

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('Research complete - cleaning up request');

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('Closing SSE connection after receiving research_complete');

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('Clearing stale connection timer after research_complete');

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log(`[DEBUG] Received event through 'message' listener:`, event.data);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log(`Received generic message event with empty or undefined data`);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log(`[DEBUG] Received event through 'message' listener with type: ${eventType}`, data);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log(`[DEBUG] Calling onEvent from message listener for type: ${eventType}`);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log(`[DEBUG] onEvent handler is null/undefined in message listener`);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log(`[DEBUG] Received event through onmessage:`, event.data);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log(`Received onmessage event with empty or undefined data`);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log(`[DEBUG] Parsed data in onmessage:`, parsedData);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log(`Received array of ${parsedData.length} events via onmessage`);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log(`[DEBUG] Skipping duplicate SSE event on fallback 'message' for: ${eventType}`);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('Research complete event received in onmessage handler (array) - disabling auto-reconnect');

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log(`[DEBUG] Processing event ${index + 1}/${parsedData.length} from onmessage array with type: ${eventType}`);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log(`[DEBUG] Calling onEvent from onmessage array for type: ${eventType}`);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log(`[DEBUG] Skipping duplicate SSE event on fallback 'message' for: ${eventType}`);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('Research complete event received in onmessage handler (single) - disabling auto-reconnect');

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log(`Received unnamed single message event with type: ${eventType}`);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('Ignoring EventSource error since research is already complete');

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('Auto-reconnect is enabled, will try to reconnect...');

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('Closing event source due to error and auto-reconnect disabled.');

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('Connection terminated without reconnect - cleaning up request');

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

// console.log(`[STEERING] Starting polling for session: ${sessionId}`);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

// console.log(`[STEERING] Polling session status for: ${sessionId}`);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

// console.log('[STEERING] Session status:', sessionData);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('Research completed, stopping polling');

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

// console.log(`[STEERING] Sending message to session ${currentSessionId}: ${message}`);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

// console.log('[STEERING] Message sent successfully:', data);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

// console.log(`[STEERING] Fetching plan status for session: ${currentSessionId}`);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

// console.log('[STEERING] Received plan status:', {

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('[STEERING] Stopping plan polling');

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log(`[STEERING] Getting todo plan for session: ${currentSessionId}`);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log(`[STEERING] Failed to get todo plan: ${response.status}`);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('[STEERING] Got todo plan:', planData);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('Research is already complete - will not attempt to reconnect');

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('Not reconnecting as auto-reconnect is disabled');

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('Not reconnecting - cleaning up request');

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log(`Connection lost. Reconnection attempt ${attempt}/${maxAttempts} scheduled...`);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log(`Attempting reconnection ${attempt}/${maxAttempts}...`);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log(`Reconnecting to existing stream: ${lastResponseUrl}`);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log(`Attempting to reconnect for query: "${lastQuery}"`);

Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.

console.log('Maximum reconnection attempts reached.');

Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.

console.log('Closing event source due to error and auto-reconnect disabled.');

Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.

console.log('Not reconnecting as auto-reconnect is disabled');

Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.

video.audio.write_audiofile(temp_audio_path, verbose=False, logger=None)

Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.

logger.info(f"callbacks at entry: {'present' if callbacks else 'none'}")

Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.

# Silently fail - trajectory logging should never break research

Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.

logger.info(f"Tool class: {tool.__class__.__name__}, Config present: {hasattr(tool, 'config') and tool.config is not None}")

Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.

logger.info(f"[SearchToolRegistry.__init__] Initializing registry with config type: {type(config).__name__ if config else 'None'}")

Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.

self.logger.info("[VisualizationAgent] Defaulting to 'visualization_needed: False' due to parsing failure.")

Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.

# else: # Old fallback logic based on regex content analysis (now handled by LLM or the final 'False' fallback)

Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.

self.logger.info(f"[VisualizationAgent] Final visualization needs keys: {vis_needs.keys() if vis_needs else 'None'}")

Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.

def trace_state_changes(state, node_name=None):

Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.

const apiBaseUrl = isDevelopment ? 'http://localhost:8000' : ''

Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.

return isDevelopment ? 'http://localhost:8000' : ''

Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.

const response = await fetch(apiUrl, {

Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.

base_url="http://localhost:3000"

Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.

base_url="http://localhost:3000"

Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.

base_url="http://localhost:3000"

Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.

#     url="http://localhost:8931/sse" # Using SSE endpoint from docs

Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.

url = f"http://localhost:{server['default_port']}/mcp/v1/initialize"

Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.

base_url="http://localhost:3000"

HTML comments in tool descriptions may contain hidden instructions intended to influence LLM reasoning.

markdown_report = re.sub(r"<!--.*?-->", "", markdown_report, flags=re.DOTALL)

OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.

api_key: The SambaNova API key (Bearer token)

OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.

"Authorization": f"Bearer {self._api_key}",

OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.

"Authorization": f"Bearer {self._api_key}",

API endpoints without rate limiting are vulnerable to brute force and denial of service.

@router.post("/message", response_model=SteeringResponse)

API endpoints without rate limiting are vulnerable to brute force and denial of service.

@router.get("/plan/{session_id}", response_model=SessionPlan)

API endpoints without rate limiting are vulnerable to brute force and denial of service.

@router.get("/status/{session_id}", response_model=PlanStatus)

API endpoints without rate limiting are vulnerable to brute force and denial of service.

@router.get("/interactive/session/{session_id}")

API endpoints without rate limiting are vulnerable to brute force and denial of service.

@router.get("/sessions")

API endpoints without rate limiting are vulnerable to brute force and denial of service.

@router.get("/examples")

POST/PUT/DELETE endpoints without CSRF tokens are vulnerable to cross-site request forgery.

@router.post("/message", response_model=SteeringResponse)

Using path.join or path.resolve with variables from user input without validation can lead to directory traversal.

file_path = os.path.join(args.input_dir, file)

Using Python's open() with variable paths without validation enables path traversal.

with open(f"deep_research_bench/data/test_data/raw_data/{args.model_name}.jsonl", "w", encoding="utf-8") as f:

Direct access to sensitive files like /etc/passwd, /etc/shadow, or SSH keys indicates potential data exfiltration.

start_cmd = "/root/.jupyter/start-up.sh"

Backslash-based directory traversal patterns targeting Windows file systems.

description += f"- Preview: {content[:100]}...\n"

Backslash-based directory traversal patterns targeting Windows file systems.

print("...\n")

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

response = llm.invoke(messages, config=config)

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

response = model.invoke(messages)

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

result = await tool.ainvoke(func_call["args"])

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

multiply_result = await tool.ainvoke(multiply_args)

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

final_response = model.invoke(messages)

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

final_response = model.invoke(messages)

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

result = await tool.ainvoke(args)

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

final_response = model.invoke(messages)

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

final_response = model.invoke(messages)

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

retry_response = model.invoke(messages)

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

result = await tool.ainvoke(func_call["args"])

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

final_response = model.invoke(messages)

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

result = await tool.ainvoke(args)

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

final_response = model.invoke(messages)

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

agent_response = await agent_executor.ainvoke({"input": query})

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

agent_response = await agent_executor.ainvoke({"input": query})

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

response = llm.invoke([message])

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

response = llm.invoke([message])

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

response = llm.invoke([message])

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

response = await llm_with_tool.ainvoke(messages)  # Use await and ainvoke

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

response = await llm.ainvoke(messages)

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

search_result = await tool_executor.execute_tool(

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

response = llm.invoke([HumanMessage(content=analysis_prompt)])

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

response = llm.invoke(

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

response = llm.invoke(

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

result = llm.invoke(

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

response = llm.invoke(prompt)

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

response = llm.invoke(prompt)

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

response = llm.invoke(prompt)

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

response = llm.invoke(prompt)

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

response = llm.invoke(prompt, **invoke_kwargs)

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

response = llm.invoke(prompt)  # Fallback to calling without it

Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.

task.description = action.get("description", task.description)

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

response = await llm.ainvoke(messages)

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

response = await llm.ainvoke(messages)

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

response = await llm.ainvoke(messages)

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

response = await llm.ainvoke(messages)

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

result = await executor.execute_tool(op_name, params)

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

result = await executor.execute_tool(

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

nav_result = await executor.execute_tool(

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

pdf_result = await executor.execute_tool(

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

screenshot_result = await executor.execute_tool(

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

# snapshot_result = await executor.execute_tool(

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

#     type_result = await executor.execute_tool(

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

result = await executor.execute_tool(

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

result = await executor.execute_tool(

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

result = await executor.execute_tool(

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

result = await executor.execute_tool(

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

result = await client.execute_tool(op_name, params)

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

result = await tool.lc_tool.ainvoke(params, config=config)

Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.

mock_tool.description = "Echo back the message."

Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.

assert tools[0].description == "Echo back the message."

Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.

self.description = "Convert natural language queries to SQL and execute against uploaded databases"

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

response = llm_client.invoke([HumanMessage(content=prompt)])

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

response = llm_client.invoke([HumanMessage(content=prompt)])

Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.

self.description = description

Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.

self.description = description

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

response = await llm_with_tool.ainvoke(messages)

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

response = await llm.ainvoke(messages)

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

response = await llm.ainvoke(messages)

Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.

result = graph.invoke({"research_topic": research_topic}, config=config)

String literals matching known API key prefixes (sk-, ghp_, AKIA, xoxb-, etc.) or long base64-like strings may expose secrets in source code.

OPENAI_API_KEY = os.environ.get("OPENAI_API_KEY", "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")

subprocess calls with shell=True execute commands through the shell, enabling injection attacks.

result = subprocess.run(server["install_command"], shell=True)

subprocess calls with shell=True execute commands through the shell, enabling injection attacks.

subprocess.run(server["run_command"], shell=True)

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

print("\nTaking screenshot (using PDF as workaround)...")

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

screenshots_dir = os.path.join(project_root, "screenshots")

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

screenshots_dir = os.path.join(project_root, "screenshots")

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

output_file_path = os.path.join(screenshots_dir, "example_com.pdf")

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

# Copy the file to our screenshots directory

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

os.makedirs(screenshots_dir, exist_ok=True)  # Ensure screenshots directory exists

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

os.makedirs(screenshots_dir, exist_ok=True)  # Ensure screenshots directory exists

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

# ALSO attempt to take an actual screenshot (as a second approach)

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

print("\nAlso attempting to take a PNG screenshot...")

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

output_screenshot_path = os.path.join(screenshots_dir, "linkedin_profile.png")

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

output_screenshot_path = os.path.join(screenshots_dir, "linkedin_profile.png")

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

screenshot_result = await executor.execute_tool(

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

"mcp.playwright.browser_take_screenshot",

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

print(f"Screenshot command executed. Result: {screenshot_result}")

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

# Check if Playwright saved the screenshot somewhere and reported the location

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

if isinstance(screenshot_result, str) and "Saved as" in screenshot_result:

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

if isinstance(screenshot_result, str) and "Saved as" in screenshot_result:

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

actual_path = screenshot_result.replace("Saved as", "").strip()

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

print(f"Actual screenshot file location: {actual_path}")

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

# Copy the file to our screenshots directory

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

shutil.copy2(actual_path, output_screenshot_path)

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

if os.path.exists(output_screenshot_path):

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

print(f"Successfully copied screenshot to: {output_screenshot_path}")

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

print(f"Successfully copied screenshot to: {output_screenshot_path}")

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

print(f"Failed to copy screenshot to: {output_screenshot_path}")

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

print(f"Failed to copy screenshot to: {output_screenshot_path}")

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

print(f"Found possible screenshot at: {newest_file}")

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

shutil.copy2(newest_file, output_screenshot_path)

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

if os.path.exists(output_screenshot_path):

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

print(f"Successfully copied most recent PNG to: {output_screenshot_path}")

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

print(f"Failed to copy most recent PNG to: {output_screenshot_path}")

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

print(f"Error processing screenshot: {e}")

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

# Take a screenshot

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

print("\nTaking screenshot...")

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

screenshots_dir = os.path.join(project_root, "screenshots")

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

screenshots_dir = os.path.join(project_root, "screenshots")

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

os.makedirs(screenshots_dir, exist_ok=True)

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

"mcp.puppeteer.puppeteer_screenshot",

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

"name": "example_screenshot",

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

screenshot_path = os.path.join(screenshots_dir, "example_screenshot.png")

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

screenshot_path = os.path.join(screenshots_dir, "example_screenshot.png")

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

screenshot_path = os.path.join(screenshots_dir, "example_screenshot.png")

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

with open(screenshot_path, 'wb') as f:

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

print(f"Screenshot saved to: {screenshot_path}")

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

print(f"Error taking screenshot: {e}")

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

# Take a screenshot (optional)

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

screenshot_path = f"screenshot_{url.replace('://', '_').replace('/', '_').replace('.', '_')}.png"

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

screenshot_path = f"screenshot_{url.replace('://', '_').replace('/', '_').replace('.', '_')}.png"

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

"mcp.puppeteer.screenshot",

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

{"path": screenshot_path}

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

print(f"Screenshot saved to: {screenshot_path}")

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

"screenshot_path": screenshot_path

Accessing clipboard contents or taking screenshots may be used to capture and exfiltrate sensitive data.

"screenshot_path": screenshot_path

Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.

self.process.stdin.write(json.dumps(message).encode() + b"\n")

Detected SELECT * or ORM queries without explicit field selection. Returning all columns risks exposing sensitive fields (passwords, tokens, internal IDs) to the client or LLM context.

cursor.execute("SELECT * FROM data LIMIT 3")

Detected SELECT * or ORM queries without explicit field selection. Returning all columns risks exposing sensitive fields (passwords, tokens, internal IDs) to the client or LLM context.

cursor.execute(f"SELECT * FROM {table_name} LIMIT 3")

Detected SELECT * or ORM queries without explicit field selection. Returning all columns risks exposing sensitive fields (passwords, tokens, internal IDs) to the client or LLM context.

sql_query = "SELECT * FROM customers WHERE state = 'CA'"