hey, while going through the agent-vault/cmd/user.go, i noticed that the email input is directly used in constructing API paths
url := sess.Address + "/v1/admin/users/" + email
since email comes straight from CLI arguments, inputs containing / or encoded characters could affect how the final request path is formed
from here, i was thinking this might impact how requests are routed on the backend, especially if path parsing or validation is not strict, it could potentially lead to unintended endpoint access or route confusion
just wanted to check, is this an intentional design choice or am i missing something? would love to help
hey, while going through the
agent-vault/cmd/user.go, i noticed that the email input is directly used in constructing API pathssince
emailcomes straight from CLI arguments, inputs containing/or encoded characters could affect how the final request path is formedfrom here, i was thinking this might impact how requests are routed on the backend, especially if path parsing or validation is not strict, it could potentially lead to unintended endpoint access or route confusion
just wanted to check, is this an intentional design choice or am i missing something? would love to help