Component: finbot/agents/orchestrator.py → OrchestratorAgent._capture_agent_context (line 421)
Root cause:
# orchestrator.py line 421
if summary:
self._workflow_context.append((agent_label, summary))" " (whitespace-only string) is truthy in Python. if summary: evaluates to True when
summary=" ", so a meaningless blank summary is appended to _workflow_context and
propagated to downstream agents via _enrich_with_prior_context.
Steps to reproduce:
- Create an
OrchestratorAgent.
- Call
_capture_agent_context("invoice_agent", {"task_summary": " "}).
- Inspect
agent._workflow_context.
Expected: _workflow_context == [] — whitespace-only summary is not stored.
Actual: _workflow_context == [('invoice_agent', ' ')]
How to execute:
pytest tests/unit/agents/test_orchestrator.py::TestQAFindings::test_orch_qa_001_whitespace_only_summary_should_not_be_captured -v
Proposed fix:
# Before (buggy):
if summary:
# After (correct):
if summary and summary.strip():
Impact: A whitespace-only summary from any upstream agent is silently stored and injected
into the task description of every subsequent downstream agent. This pollutes the LLM context
with empty noise, wastes tokens, and — in a prompt injection scenario — could be used to slip
a blank payload through the if summary: guard undetected (the guard is bypassed by a
non-empty but content-free string).
Acceptance criteria:
test_orch_qa_001_whitespace_only_summary_should_not_be_captured passes_capture_agent_context with task_summary=" " leaves _workflow_context empty- All other
_capture_agent_context and _enrich_with_prior_context tests continue to pass
Component: finbot/agents/orchestrator.py → OrchestratorAgent._capture_agent_context (line 421)
Root cause:
" "(whitespace-only string) is truthy in Python.if summary:evaluates toTruewhensummary=" ", so a meaningless blank summary is appended to_workflow_contextandpropagated to downstream agents via
_enrich_with_prior_context.Steps to reproduce:
OrchestratorAgent._capture_agent_context("invoice_agent", {"task_summary": " "}).agent._workflow_context.Expected:
_workflow_context == []— whitespace-only summary is not stored.Actual:
_workflow_context == [('invoice_agent', ' ')]How to execute:
Proposed fix:
Impact: A whitespace-only summary from any upstream agent is silently stored and injected
into the task description of every subsequent downstream agent. This pollutes the LLM context
with empty noise, wastes tokens, and — in a prompt injection scenario — could be used to slip
a blank payload through the
if summary:guard undetected (the guard is bypassed by anon-empty but content-free string).
Acceptance criteria:
test_orch_qa_001_whitespace_only_summary_should_not_be_capturedpasses_capture_agent_contextwithtask_summary=" "leaves_workflow_contextempty_capture_agent_contextand_enrich_with_prior_contexttests continue to pass