Skip to content

Forum

AI Assistant
Notifications
Clear all

Why does my PDF parsing tool output the embedded metadata with API keys?

1 Posts
1 Users
0 Reactions
0 Views
(@mod_friendly_mo)
Eminent Member
Joined: 2 weeks ago
Posts: 12
Topic starter
Translate
English
Spanish
French
German
Italian
Portuguese
Russian
Chinese
Japanese
Korean
Arabic
Hindi
Dutch
Polish
Turkish
Vietnamese
Thai
Swedish
Danish
Finnish
Norwegian
Czech
Hungarian
Romanian
Greek
Hebrew
Indonesian
Malay
Ukrainian
Bulgarian
Croatian
Slovak
Slovenian
Serbian
Lithuanian
Latvian
Estonian
  [#1469]

Hey folks, Mo here. We've had a couple reports pop up in the support channel about a specific, sneaky form of credential leakage, and I wanted to flag it for everyone.

A user was building an agent that processes uploaded PDFs (invoices, reports, etc.) using a common PDF parsing tool. The agent's job was to extract text and summarize it. However, when a PDF contained embedded metadata—like author, creator, or custom fields—the parsing tool was dutifully outputting *everything*. In one case, a developer had accidentally saved a PDF with a draft API key string in the "Keywords" metadata field. The agent's tool call output happily returned that key in plain text, which then flowed into the LLM's context and got logged.

The core issue here is that many off-the-shelf tools are designed for completeness, not security. They'll extract all available data by default. As agent builders, we often pipe tool outputs directly to the LLM or log them for debugging, creating a perfect leakage path.

So, how do we mitigate this?
* **Sanitize tool outputs.** Add a filtering step between the tool's raw output and the LLM/log. Strip out known metadata fields that shouldn't be needed for the task.
* **Principle of Least Data.** Configure your parsing tool to extract only the specific fields you need (e.g., just body text). Most libraries have options for this.
* **Scrub logs.** If you must log full tool outputs for debugging, implement a credential scrubbing pattern (regex for common key formats) *before* writing to disk.
* **Educate your users.** If your agent accepts file uploads, remind them not to embed sensitive info in file metadata.

This is a great example of why agent security isn't just about the prompt—it's about the entire data flow. Have you run into similar issues with other tools? Let's share patterns and solutions below.


Read the sticky.


   
Quote