ワンクリックで
sc-data-exposure
Sensitive data exposure detection — PII leaks, verbose errors, debug mode, and information disclosure
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
メニュー
Sensitive data exposure detection — PII leaks, verbose errors, debug mode, and information disclosure
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
SOC 職業分類に基づく
Comprehensive AI-powered security scanning suite with 48 skills covering OWASP Top 10, 7 language-specific deep scanners (Go, TypeScript, Python, PHP, Rust, Java, C#), supply chain analysis, infrastructure-as-code scanning, and 3000+ checklist items. Use when you need to run a security audit, find vulnerabilities, scan a PR for security issues, or perform a penetration test on a codebase.
C#/.NET-specific security deep scan
Go-specific security deep scan
Java/Kotlin-specific security deep scan
PHP-specific security deep scan
Python-specific security deep scan
| name | sc-data-exposure |
| description | Sensitive data exposure detection — PII leaks, verbose errors, debug mode, and information disclosure |
| license | MIT |
| metadata | {"author":"ersinkoc","category":"security","version":"1.0.0"} |
Detects sensitive data exposure including PII in logs, stack traces in production responses, debug mode enabled in production, sensitive data in URLs, source maps deployed to production, exposed .git directories, backup files, and excessive data in API responses. Focuses on data leaving the application boundary unintentionally.
Called by sc-orchestrator during Phase 2. Always runs.
# Debug/verbose modes
"DEBUG = True", "debug: true", "NODE_ENV.*development",
"FLASK_DEBUG", "APP_DEBUG", "RAILS_ENV.*development",
"stackTrace", "stack_trace", "printStackTrace"
# PII in logs
"logger.*email", "log.*password", "console.log.*token",
"logging.*credit", "log.*ssn", "print.*secret"
# Sensitive data in URLs
"?token=", "?api_key=", "?password=", "?secret=",
"?access_token=", "?session="
# Information disclosure
".git/", "phpinfo()", "server_info", "X-Powered-By",
".env", "wp-config.php", "web.config", "application.properties"
# Source maps
".map", "sourceMappingURL", "//# sourceMappingURL"
# Verbose error responses
"res.status(500).send(err)", "return error.message",
"traceback.format_exc()", "e.getMessage()"
1. Stack Trace in Production:
// VULNERABLE: Raw error sent to client
app.use((err, req, res, next) => {
res.status(500).json({ error: err.stack });
});
// SAFE: Generic error in production
app.use((err, req, res, next) => {
console.error(err.stack); // Log internally
res.status(500).json({ error: 'Internal server error' });
});
2. PII in Logs:
# VULNERABLE: Logging sensitive data
logger.info(f"User login: email={email}, password={password}")
logger.debug(f"Payment: card={card_number}, cvv={cvv}")
# SAFE: Redact sensitive fields
logger.info(f"User login: email={mask_email(email)}")
logger.debug(f"Payment: card=****{card_number[-4:]}")
3. Debug Mode in Production:
# VULNERABLE: Django debug mode
# settings.py
DEBUG = True # Exposes full stack traces, SQL queries, template context
# SAFE
DEBUG = os.environ.get('DEBUG', 'False') == 'True'
4. Excessive Data in API Response:
// VULNERABLE: Returning full user object including sensitive fields
app.get('/api/users/:id', async (req, res) => {
const user = await User.findById(req.params.id);
res.json(user); // Includes password hash, internal IDs, etc.
});
// SAFE: Select only needed fields
app.get('/api/users/:id', async (req, res) => {
const user = await User.findById(req.params.id)
.select('name email avatar');
res.json(user);
});
DEBUG = os.getenv('DEBUG') properly controlled by environment