Expected Findings
- System prompt is accessible to anonymous users.
- Fake OpenAI key and vector index metadata ship to the browser.
- Search endpoint leaks internal support and finance notes.
Scrappy AI SaaS
AI Startup
The page boot script immediately loads chat config, exposes a system prompt, and performs a support search that leaks internal notes into the UI.
Support Copilot
On load this widget fetches prompt config and a support index.
Primary Flows
- Chat bootstrap Frontend-visible model and key metadata
- System prompt Prompt template rendered without auth
- Leaky support search RAG-like search over internal data
- Debug env Runtime env dump
Signals
Boot Script
window.SYSTEM_PROMPT = "Internal support agent rules..."
Frontend Secret
OPENAI_API_KEY = "sk-fake-openai-key"
Notes
- The preview executes three fetches on page load to make the vulnerability visible to crawlers and browser-driven tests.