Summary

file_service logs currently include raw uploaded filenames at INFO/WARN levels. Filenames can contain user-provided sensitive identifiers (tokens, ticket IDs, internal hostnames), which should not be emitted in service logs by default.

Current behavior

• INFO: Processing uploaded file: <filename> ...
• WARN paths also include raw filename for content mismatch / dangerous file checks / truncation notices.

Expected behavior

• Keep high-signal operational logging (size, extension, mime mismatch context).
• Avoid raw filename leakage in service logs by default (sanitize or remove filename field).

Scope

Backend logging hardening in chatbot-core/api/services/file_service.py with targeted unit test coverage.