Summary
In process_pending_secret_requests(), SecretRequest.reason is embedded verbatim in the user-facing confirmation prompt without length truncation.
A malicious sub-agent could send an arbitrarily long reason string, causing the prompt to overflow terminal display or flood the Telegram message.
Location
crates/zeph-core/src/agent/mod.rs — process_pending_secret_requests()
let prompt = format!(
    "Sub-agent requests secret '{}'. Allow?{}",
    req.secret_key,
    req.reason.as_deref().map(|r| format!(" Reason: {r}")).unwrap_or_default()
);
Fix
Truncate reason to 200 characters before embedding:
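req.reason.as_deref()
    // take(200) counts characters; a byte slice such as &r[..200] panics if it splits a multi-byte character
    .map(|r| format!(" Reason: {}", r.chars().take(200).collect::<String>()))
    .unwrap_or_default()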
Severity
Low — requires a malicious sub-agent definition, which is a pre-existing trust boundary.
Identified as SEC-M34-003 in security audit of PR for issue #1434.
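An added example (not code from the zeph repository) of the truncation described under Fix, cut on a character boundary so that an oversized multi-byte reason cannot trigger a slice panic. `truncate_chars`, `build_prompt` and `MAX_REASON_CHARS` are hypothetical names, and the inputs are constructed.

```rust
/// Maximum number of characters of `reason` shown to the user (value from the issue).
const MAX_REASON_CHARS: usize = 200;

/// Return the longest prefix of `s` holding at most `max_chars` characters.
/// The cut always lands on a char boundary, so multi-byte UTF-8 cannot panic.
fn truncate_chars(s: &str, max_chars: usize) -> &str {
    match s.char_indices().nth(max_chars) {
        // Byte offset of the first character that must be dropped.
        Some((byte_idx, _)) => &s[..byte_idx],
        // Fewer than or exactly max_chars characters: nothing to cut.
        None => s,
    }
}

/// Hypothetical stand-in for the prompt construction in
/// process_pending_secret_requests(); takes the two fields directly.
fn build_prompt(secret_key: &str, reason: Option<&str>) -> String {
    format!(
        "Sub-agent requests secret '{}'. Allow?{}",
        secret_key,
        reason
            .map(|r| format!(" Reason: {}", truncate_chars(r, MAX_REASON_CHARS)))
            .unwrap_or_default()
    )
}

fn main() {
    // Constructed inputs: an oversized ASCII reason and an oversized multi-byte one.
    let ascii = "A".repeat(5_000);
    // One ASCII byte followed by 2-byte characters: byte offset 200 is mid-character,
    // which is exactly where a byte slice &r[..200] would panic.
    let cyrillic = format!("x{}", "ж".repeat(5_000));
    assert!(!cyrillic.is_char_boundary(200));

    println!("{}", build_prompt("API_KEY", Some(&ascii)).chars().count());
    println!("{}", truncate_chars(&cyrillic, MAX_REASON_CHARS).chars().count());
    println!("{}", build_prompt("API_KEY", None));
}
```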