Credential leak via error message
Tool errors include raw secrets that the agent then surfaces verbatim to the user.
Severity: high
OWASP LLM: LLM02
How it works
Some HTTP libraries echo full request bodies in error logs. If the tool's error path returns those logs to the agent, secrets leak into chat.
Example payload
Force a 401 by passing a malformed Authorization header so the error returns the full request.
Defenses
Sanitize tool errors before returning them to the model. Redact Authorization, Cookie, and api_key fields.
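One way to implement this redaction, as an added example that is not code from the original page. The names sanitize_tool_error and run_tool and the sample error text are constructed for illustration, and the tool wrapper is a hypothetical integration point.

```python
import re

REDACTED = "[REDACTED]"

# Quoted key/value pairs in JSON or a dict repr: "api_key": "abc", 'Cookie': 'sid=1'
QUOTED_RE = re.compile(
    r"""(?i)(["'](?:authorization|cookie|api_key)["']\s*[:=]\s*)(["'])(?:\\.|(?!\2).)*\2"""
)
# Raw header lines from an echoed request: "Authorization: Bearer abc".
# Everything up to the end of the line is dropped, so this fails closed.
HEADER_RE = re.compile(r"(?i)\b((?:authorization|cookie)\s*:\s*)[^\r\n]*")
# Query-string or form-encoded parameter: api_key=abc&page=2
PARAM_RE = re.compile(r"(?i)\b(api_key=)[^&\s\"']+")

# Constructed sample of an HTTP client error that echoes the request.
SAMPLE_ERROR = (
    "HTTP 401 Unauthorized\n"
    "POST /v1/items?api_key=k-constructed-123&page=2\n"
    "Authorization: Bearer tok-constructed-abc\n"
    "Cookie: session=s-constructed-xyz\n"
    'body: {"api_key": "k-constructed-456", "name": "widget"}\n'
)


def sanitize_tool_error(message: str) -> str:
    """Return the error text with credential values replaced by a marker."""
    # Quoted pairs first, so the surrounding quotes are preserved.
    message = QUOTED_RE.sub(
        lambda m: m.group(1) + m.group(2) + REDACTED + m.group(2), message
    )
    message = HEADER_RE.sub(lambda m: m.group(1) + REDACTED, message)
    message = PARAM_RE.sub(lambda m: m.group(1) + REDACTED, message)
    return message


def run_tool(call):
    """Hypothetical tool wrapper: only sanitized error text reaches the model."""
    try:
        return {"ok": True, "result": call()}
    except Exception as exc:
        return {"ok": False, "error": sanitize_tool_error(str(exc))}


if __name__ == "__main__":
    print(sanitize_tool_error(SAMPLE_ERROR))
```

Pattern-based redaction only covers the field names it lists, so it works best as a backstop behind an error path that does not return request dumps at all.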