fix: address CodeQL security findings

- Avoid exposing exception details to external users in agent.py
  (/ and /chat endpoints now return generic error messages)
- Remove unused imports (json, sys) in verify.py

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: h4x3rotab

confidential-ai/agents/agent.py

@@ -140,8 +140,8 @@ def index():
                 "app_id": info.app_id,
             }
         )
-    except Exception as e:
-        return jsonify({"status": "running", "error": str(e)})
+    except Exception:
+        return jsonify({"status": "running", "error": "Failed to retrieve agent info"})
 
 
 @app.route("/attestation")
@@ -169,8 +169,8 @@ def chat():
                 "wallet": get_account().address,
             }
         )
-    except Exception as e:
-        return jsonify({"error": str(e)}), 500
+    except Exception:
+        return jsonify({"error": "Failed to process chat request"}), 500
 
 
 @app.route("/sign", methods=["POST"])

confidential-ai/inference/verify.py

@@ -10,8 +10,6 @@
 
 import argparse
 import hashlib
-import json
-import sys
 
 import requests