From 5621c2e1f2f9c6eebc20416542428284e2bb9ea8 Mon Sep 17 00:00:00 2001 From: Dinzeyi2 <133053311+Dinzeyi2@users.noreply.github.com> Date: Mon, 4 May 2026 10:49:03 -0400 Subject: [PATCH 1/3] AI Agent Privacy Notice --- README.md | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/README.md b/README.md index 5ead8d2..ad5cf23 100644 --- a/README.md +++ b/README.md 
@@ -1,3 +1,44 @@ +Secure your agents at: CodeAstra.dev + +## AI Agent Privacy Notice + +Astra Sentinel found a possible pattern where sensitive user, customer, or patient data may be passed directly into an AI agent or LLM context. + +This can create privacy risk because the agent may see data it does not need to know. + +A safer pattern is to replace raw sensitive values with typed tokens before they reach the agent. + +Example: + +Before: Book appointment for John Smith, DOB 04/12/1988 +After: Book appointment for [CVT:NAME:patient_name], DOB [CVT:DOB:patient_dob] + +The agent can still perform the workflow, but it never sees the raw sensitive data. + +Detected pattern examples: +```json +[ + { + "type": "unblinded_ai_call", + "evidence": "agent(role='supabase agent', goal='you will perform executions on the supabase database.', backstory=f\"\"\"\\n you are a master at performing executions on the supabase database.\\n you are able to perform the following operations:\\n - get a row from the database.\\n - get all rows from the database.\\n - insert a row into the database.\\n - delete a row from the database.\\n - update a row in the database.\\n \\n for insert operations, the input should be a string containing the input to insert, all columns data should be in a data dict field in the string.\\n \\n for delete operations, try to get the row you are deleting firs" + }, + { + "type": "unblinded_ai_call", + "evidence": "task(description='answer the following questions about the database: {question}.', expected_output='you are to return the result of the operation you performed.', agent=agent)" + }, + { + "type": "unblinded_ai_call", + "evidence": "crew(agents=[agent], tasks=[task], verbose=true, process=process.sequential)" + } +] +``` + +This notice was generated from a privacy scan. Please review before merging. 
+ +Secure your agents at: CodeAstra.dev + +--- + # **Repository** - AI Projects/Learning ### This repo will be helpful in understanding AutoGen providing examples including prompts and agents for SAAS products, how AutoGen works, and diving into the functionality. From 28bbaf74bd5151d005289414f255e457a4f85569 Mon Sep 17 00:00:00 2001 From: Dinzeyi2 <133053311+Dinzeyi2@users.noreply.github.com> Date: Mon, 4 May 2026 11:21:55 -0400 Subject: [PATCH 2/3] AI Agent Privacy Notice --- README.md | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/README.md b/README.md index ad5cf23..5c9a1fd 100644 --- a/README.md +++ b/README.md 
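Review bot: in PATCH 1/3, hunk @@ -1,3 +1,44 @@, none of the three "unblinded_ai_call" evidence entries shows a sensitive value reaching the model, so the notice overstates what was found. The quoted lines are the `agent(...)`, `task(...)` and `crew(...)` constructors; the only runtime input that enters the context is the `{question}` placeholder in the task description, and the finding gives no file or line number a maintainer could check. The snippets have also been case-folded (`verbose=true, process=process.sequential` is not valid Python for the `Crew` call it appears to be), so they are normalised copies, not the source; cite the original file and line, and describe the result as a heuristic match rather than evidence. The remediation advice also needs one more step for this particular agent: its backstory grants insert, update and delete operations on the database, so if callers replace raw values with `[CVT:NAME:...]`-style tokens before the agent sees them, the tool that executes the write must map the tokens back to real values at the tool boundary, otherwise the placeholder strings are what gets stored. Finally, the block is prepended above the `# **Repository**` heading with the line `Secure your agents at: CodeAstra.dev` repeated twice; a scan result belongs in the PR description or a separate report file, not at the top of the project README.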
@@ -39,6 +39,47 @@ Secure your agents at: CodeAstra.dev --- +Secure your agents at: CodeAstra.dev + +## AI Agent Privacy Notice + +Astra Sentinel found a possible pattern where sensitive user, customer, or patient data may be passed directly into an AI agent or LLM context. + +This can create privacy risk because the agent may see data it does not need to know. + +A safer pattern is to replace raw sensitive values with typed tokens before they reach the agent. + +Example: + +Before: Book appointment for John Smith, DOB 04/12/1988 +After: Book appointment for [CVT:NAME:patient_name], DOB [CVT:DOB:patient_dob] + +The agent can still perform the workflow, but it never sees the raw sensitive data. + +Detected pattern examples: +```json +[ + { + "type": "unblinded_ai_call", + "evidence": "agent(role='supabase agent', goal='you will perform executions on the supabase database.', backstory=f\"\"\"\\n you are a master at performing executions on the supabase database.\\n you are able to perform the following operations:\\n - get a row from the database.\\n - get all rows from the database.\\n - insert a row into the database.\\n - delete a row from the database.\\n - update a row in the database.\\n \\n for insert operations, the input should be a string containing the input to insert, all columns data should be in a data dict field in the string.\\n \\n for delete operations, try to get the row you are deleting firs" + }, + { + "type": "unblinded_ai_call", + "evidence": "task(description='answer the following questions about the database: {question}.', expected_output='you are to return the result of the operation you performed.', agent=agent)" + }, + { + "type": "unblinded_ai_call", + "evidence": "crew(agents=[agent], tasks=[task], verbose=true, process=process.sequential)" + } +] +``` + +This notice was generated from a privacy scan. Please review before merging. 
+ +Secure your agents at: CodeAstra.dev + +--- + # **Repository** - AI Projects/Learning ### This repo will be helpful in understanding AutoGen providing examples including prompts and agents for SAAS products, how AutoGen works, and diving into the functionality. From fcc2a6e1c99520865a4dcdb6415a73247618ed42 Mon Sep 17 00:00:00 2001 From: Dinzeyi2 <133053311+Dinzeyi2@users.noreply.github.com> Date: Mon, 4 May 2026 12:02:54 -0400 Subject: [PATCH 3/3] AI Agent Privacy Notice --- README.md | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/README.md b/README.md index 5c9a1fd..b731814 100644 --- a/README.md +++ b/README.md 
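Review bot: in PATCH 2/3, hunk @@ -39,6 +39,47 @@, the inserted block is a byte-for-byte copy of the notice that PATCH 1/3 already placed at the top of README.md, anchored directly after the first copy's closing `---`, so the README ends up with the same notice and the `Secure your agents at: CodeAstra.dev` line twice over. Drop this commit (or squash the series into one) and make the generator idempotent, for example by checking for an existing `## AI Agent Privacy Notice` heading before appending.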
@@ -80,6 +80,47 @@ Secure your agents at: CodeAstra.dev --- +Secure your agents at: CodeAstra.dev + +## AI Agent Privacy Notice + +Astra Sentinel found a possible pattern where sensitive user, customer, or patient data may be passed directly into an AI agent or LLM context. + +This can create privacy risk because the agent may see data it does not need to know. + +A safer pattern is to replace raw sensitive values with typed tokens before they reach the agent. + +Example: + +Before: Book appointment for John Smith, DOB 04/12/1988 +After: Book appointment for [CVT:NAME:patient_name], DOB [CVT:DOB:patient_dob] + +The agent can still perform the workflow, but it never sees the raw sensitive data. + +Detected pattern examples: +```json +[ + { + "type": "unblinded_ai_call", + "evidence": "agent(role='supabase agent', goal='you will perform executions on the supabase database.', backstory=f\"\"\"\\n you are a master at performing executions on the supabase database.\\n you are able to perform the following operations:\\n - get a row from the database.\\n - get all rows from the database.\\n - insert a row into the database.\\n - delete a row from the database.\\n - update a row in the database.\\n \\n for insert operations, the input should be a string containing the input to insert, all columns data should be in a data dict field in the string.\\n \\n for delete operations, try to get the row you are deleting firs" + }, + { + "type": "unblinded_ai_call", + "evidence": "task(description='answer the following questions about the database: {question}.', expected_output='you are to return the result of the operation you performed.', agent=agent)" + }, + { + "type": "unblinded_ai_call", + "evidence": "crew(agents=[agent], tasks=[task], verbose=true, process=process.sequential)" + } +] +``` + +This notice was generated from a privacy scan. Please review before merging. 
+ +Secure your agents at: CodeAstra.dev + +--- + # **Repository** - AI Projects/Learning ### This repo will be helpful in understanding AutoGen providing examples including prompts and agents for SAAS products, how AutoGen works, and diving into the functionality.
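Review bot: in PATCH 3/3, hunk @@ -80,6 +80,47 @@, this is the third identical copy of the notice, inserted at line 80 immediately after the second copy's `---`; all three commits carry the same subject, "AI Agent Privacy Notice", and the same 41 added lines, so the series as submitted triples the notice in README.md. The reviewable change is a single commit with one notice; the repeated appends indicate the scanner re-runs on its own output and should skip a file that already contains the block.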