(toolName: string, paramPath: Array<string>)
| 137 | } |
| 138 | |
/**
 * Build the warning text for a tool parameter whose name looks like a secret.
 *
 * The message explains the risk: Code Mode executes LLM-generated code, so any
 * value passed through the parameter is accessible to that code and could be
 * exfiltrated. It advises keeping secrets inside the server-side tool
 * implementation instead.
 *
 * @param toolName - Name of the tool that declares the parameter.
 * @param paramPath - Path segments to the parameter; joined with "." for display.
 * @returns The complete warning message as a single string.
 */
function buildMessage(toolName: string, paramPath: Array<string>): string {
  // Both values are interpolated verbatim; only names appear here, never parameter values.
  const dottedPath = paramPath.join('.')
  const segments = [
    `[TanStack AI Code Mode] Tool "${toolName}" has parameter "${dottedPath}" `,
    `that looks like a secret. Code Mode executes LLM-generated code — any `,
    `value passed through this parameter is accessible to generated code and `,
    `could be exfiltrated. Keep secrets in your server-side tool implementation `,
    `instead of passing them as tool parameters.`,
  ]
  return segments.join('')
}
| 148 | |
| 149 | /** |
| 150 | * Scan tool input schemas for parameter names that look like secrets. |