- $magic Analyze the response for signs of sensitive or internal data leakage. Flag values that meet any of the following:
  - Credentials or secrets (e.g., tokens, API keys, passwords, base64 or JWT-like blobs)
  - Internal service references (e.g., internal URLs, private IPs such as 10.x.x.x, 172.16-31.x.x and 192.168.x.x, *.internal domains, localhost, local domains)
  - Debug traces, error dumps, or stack traces
  - User data (emails, phone numbers, names) ONLY IF:
    - it is unrelated to the current authenticated user, or
    - it appears unexpectedly inside debug, tool, or error responses
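The checklist above is the kind of thing a reviewer can also run mechanically before handing the response to the assistant. The Python below is an added example, not code from this page or from the tool the `$magic` prompt targets: it implements each bullet as a regex heuristic, applies the "only if" rule for user data (own identifiers are reported only when the response looks like debug or error output), and runs over three constructed response bodies embedded in the file. The patterns are deliberately loose and will over-report (long URL paths, dates and numeric IDs can trip the base64 and phone heuristics); that is the right failure mode for a triage step.

```python
"""Heuristic leakage scanner for HTTP response bodies (added example, not the tool's code)."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    category: str  # credential | internal_ref | debug_trace | user_data
    value: str


# Credentials / secrets: JWT-like blobs, secret-named key/value pairs, long base64 runs.
JWT_RE = re.compile(r"\beyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\b")
SECRET_KV_RE = re.compile(
    r"(?i)(password|passwd|secret|api[_-]?key|access[_-]?token|auth[_-]?token|token)"
    r"[\"']?\s*[:=]\s*[\"']?([^\"',;\s]{6,})"
)
B64_RE = re.compile(r"(?<![A-Za-z0-9+/=])[A-Za-z0-9+/]{32,}={0,2}(?![A-Za-z0-9+/=])")

# Internal references: RFC 1918 and loopback addresses, localhost, internal-looking domains.
PRIVATE_IP_RE = re.compile(
    r"\b(?:10\.\d{1,3}\.\d{1,3}\.\d{1,3}"
    r"|172\.(?:1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3}"
    r"|192\.168\.\d{1,3}\.\d{1,3}"
    r"|127\.\d{1,3}\.\d{1,3}\.\d{1,3})\b"
)
INTERNAL_HOST_RE = re.compile(
    r"\b(?:localhost|[A-Za-z0-9.-]+\.(?:internal|local|lan|corp|intranet))\b(?::\d+)?",
    re.I,
)

# Debug output: Python tracebacks, Java/.NET/Node frame lines, common fatal-error banners.
TRACE_RE = re.compile(
    r"Traceback \(most recent call last\)"
    r"|^\s*at [\w$.<>]+\([^)]*\)"
    r"|\bException in thread\b"
    r"|\b(?:Fatal error|Stack trace):",
    re.M,
)

# User data: e-mail addresses and phone-like digit groups (dates and IDs can false-positive).
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
PHONE_RE = re.compile(r"(?<![\w.])\+?\d[\d -]{7,}\d(?![\w.-])")


def scan_response(body: str, status: int, own_identifiers: frozenset = frozenset()) -> list:
    """Return deduplicated findings for one response.

    own_identifiers: e-mail/phone values belonging to the authenticated user; per the
    checklist they are only reported when the response is debug/error output.
    """
    found = []
    masked = JWT_RE.sub(" ", body)  # stop JWT segments re-matching as base64 or digit runs

    found += [Finding("credential", m.group(0)) for m in JWT_RE.finditer(body)]
    found += [Finding("credential", m.group(2)) for m in SECRET_KV_RE.finditer(body)]
    found += [Finding("credential", m.group(0)) for m in B64_RE.finditer(masked)]

    found += [Finding("internal_ref", m.group(0)) for m in PRIVATE_IP_RE.finditer(body)]
    found += [Finding("internal_ref", m.group(0)) for m in INTERNAL_HOST_RE.finditer(body)]

    traces = [Finding("debug_trace", m.group(0).strip()) for m in TRACE_RE.finditer(body)]
    found += traces

    # "ONLY IF" rule: unrelated to the current user, or present in an error/debug response.
    error_context = status >= 500 or bool(traces)
    own = {v.lower() for v in own_identifiers}
    for rx in (EMAIL_RE, PHONE_RE):
        for m in rx.finditer(masked):
            if error_context or m.group(0).lower() not in own:
                found.append(Finding("user_data", m.group(0)))

    return list(dict.fromkeys(found))  # dedupe, keep first-seen order


# Constructed sample responses (not captured traffic). Hypothetical hosts and users.
ERROR_BODY = (
    "Traceback (most recent call last):\n"
    '  File "/srv/app/billing/views.py", line 88, in charge\n'
    '    client = Gateway("http://payments.internal:8080/v2", token="eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9'
    '.eyJzdWIiOiJzdmMtYmlsbGluZyJ9.QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVo")\n'
    "ConnectionError: could not reach 10.20.30.40:5432 for customer bob@example.com (+1 415 555 0134)\n"
)
PROFILE_BODY = '{"user": {"email": "alice@example.com", "phone": "+1 415 555 0134"}}'
CONFIG_BODY = '{"debug": true, "db_password": "S3cr3t!pass", "cache": "redis://localhost:6379"}'
ALICE = frozenset({"alice@example.com", "+1 415 555 0134"})


if __name__ == "__main__":
    for name, body, status in (("error", ERROR_BODY, 500), ("profile", PROFILE_BODY, 200), ("config", CONFIG_BODY, 200)):
        print(name)
        for f in scan_response(body, status, ALICE):
            print(f"  [{f.category}] {f.value}")
```

The profile response, which returns only the authenticated user's own e-mail and phone with a 200 status, produces no findings; the same body scanned without `own_identifiers` flags both values as belonging to someone else, which is the distinction the last bullet of the prompt is asking for.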