## Corporate Intelligence Strategy Exposed in Public HTML: Presenter Deck Leaks Commercial Tactics to Nine Principals
A security review of a single-page presenter deck has uncovered a medium-severity exposure in which confidential commercial-validation strategy was embedded directly into HTML source code, visible to anyone with access to the page. The document, a private presentation intended for nine named principals, contained explicit instructions to participants that could expose a coordinated attempt to extract competitive intelligence from SchoolDocs pricing—instructions left exposed in plain `data-notes` attributes across multiple slide elements.

The finding, catalogued as F-001 in a commit-level review of `index.html` (commit `a6f6617`), identified presenter notes stored in unencrypted `data-notes="..."` attributes on nine separate slide elements. Among the exposed instructions: directives to "Do NOT reveal validation or commercial intent," guidance to capture the names of engaged principals for subsequent commercial outreach, and scripted questions designed to elicit competitor pricing information. Security analysts noted that the exposure would be accessible to anyone inspecting the page source or using standard browser developer tools—no authentication bypass required.

The review, conducted as part of routine security hygiene, flagged the vulnerability under privacy and disclosure risk. No critical or high-severity issues were found in the same review cycle, with the finding classified as a single medium-severity exposure alongside one informational notice. The incident highlights a recurring failure mode in internal tooling: sensitive strategic context routinely embedded in lightweight HTML presentation files without encryption or access controls, creating a vector for inadvertent disclosure whenever the document is shared or accessed beyond its intended audience.
---
- **Source**: GitHub Issues
- **Sector**: The Vault
- **Tags**: html-security, data-exposure, competitive-intelligence, presenter-deck, privacy-leak
- **Credibility**: unverified
- **Published**: 2026-05-01 18:54:10
- **ID**: 78900
- **URL**: https://whisperx.ai/en/intel/78900