
compose.one (and likely other read endpoints) return env vars in plaintext, leaking secrets into LLM context #41

Description

@milkyskies

The compose-one MCP tool returns the full env field as a plaintext string in its response payload, including any secrets stored there (API keys, admin passwords, DB credentials, registration tokens, etc.).

Example response shape:

{
  "data": {
    "composeId": "...",
    "env": "POSTGRES_PASSWORD=hunter2\nADMIN_PASSWORD=...\nOPENAI_API_KEY=sk-...",
    "composeFile": "...",
    ...
  }
}
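The mitigation a reviewer would want here is an output filter that strips the values (but not the keys) from the env field before any read tool's payload is handed back to the model, plus a check that no raw value survived anywhere else in the payload. The following is an added example, not dokploy's or the MCP server's own code; TypeScript is assumed as the server language, and the names ComposeOneResponse, redactEnv, envValues, findLeakedValues and redactResponse are hypothetical, with the response shape taken from the example above.

```typescript
// Added example (not the project's code): redact env values from a read
// tool's response before it reaches the LLM, and verify nothing leaked.

// Shape assumed from the issue's example response; other fields are opaque.
interface ComposeOneResponse {
  data: {
    composeId: string;
    env: string;
    composeFile: string;
    [extra: string]: unknown;
  };
}

const REDACTED = "<redacted>";

// Values shorter than this are too likely to appear innocently elsewhere
// in the payload (e.g. "1", "true"), so the leak scan skips them.
const MIN_SCAN_LEN = 6;

// Redact one dotenv-style env string: keep keys (so the model still knows
// which variables exist), drop every value. Blank lines, comments, lines
// without '=' and empty assignments (KEY=) carry no secret and pass through.
function redactEnv(env: string): string {
  return env
    .split("\n")
    .map((line) => {
      const trimmed = line.trim();
      if (trimmed === "" || trimmed.startsWith("#")) return line;
      const eq = line.indexOf("="); // split at the first '=' only
      if (eq === -1) return line;
      const key = line.slice(0, eq);
      const value = line.slice(eq + 1);
      return value === "" ? line : `${key}=${REDACTED}`;
    })
    .join("\n");
}

// Collect the raw values of an env string (the things that must not leak).
function envValues(env: string): string[] {
  return env
    .split("\n")
    .map((l) => {
      const eq = l.indexOf("=");
      return eq === -1 || l.trim().startsWith("#") ? "" : l.slice(eq + 1);
    })
    .filter((v) => v !== "");
}

// Return every env value that still appears anywhere in the serialized
// response (e.g. copied verbatim into composeFile or another field).
function findLeakedValues(resp: ComposeOneResponse, rawEnv: string): string[] {
  const serialized = JSON.stringify(resp);
  return envValues(rawEnv).filter(
    (v) => v.length >= MIN_SCAN_LEN && serialized.includes(v),
  );
}

// Wrap a read tool's response: redact env, then fail closed if any raw
// value is still present in the payload.
function redactResponse(resp: ComposeOneResponse): ComposeOneResponse {
  const safe: ComposeOneResponse = {
    ...resp,
    data: { ...resp.data, env: redactEnv(resp.data.env) },
  };
  const leaked = findLeakedValues(safe, resp.data.env);
  if (leaked.length > 0) {
    throw new Error(`env value(s) still present in response after redaction: ${leaked.length}`);
  }
  return safe;
}

// Constructed sample response; the secrets below are made up.
const SAMPLE: ComposeOneResponse = {
  data: {
    composeId: "cmp_example",
    env: "POSTGRES_PASSWORD=hunter2\n# comment\n\nEMPTY=\nOPENAI_API_KEY=sk-example123",
    composeFile: "services:\n  db:\n    image: postgres:16\n",
  },
};

console.log(JSON.stringify(redactResponse(SAMPLE), null, 2));
```

The filter belongs at the single point where tool results are serialized for the model, so that every read endpoint (not only compose-one) passes through it; the leak scan is there to catch the case where a secret was also interpolated into some other field, which per-field redaction alone would miss.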
