Intent-Code Divergence
High
- Confidence
- 98% confidence
- Finding
- The guide states agents should never hold raw private keys directly, but the example wiring loads a base64 private key into the application process and passes it to SecureAgent. That undermines the documented isolation model and increases the chance that a compromised agent runtime, prompt-injection-assisted file/env read, crash dump, or debug log could expose signing material.
