
Customer-facing know articles expose internal author name 'Patrick Bass' as the editor byline

Patrick Bass · Jun 6 · 18 · 1 Locked
[Major] [High Priority] [Bug Fixed] [Always Reproduces]
🚀 OP Jun 6, 2026 9:35pm

Area: Account (re-run) (audit p1r) · Surface: /know/* (all account/identity wiki articles) · Dimension: documentation · Severity: major

Every customer-facing mobieusKnow article in this area renders 'Last edited by Patrick Bass' (and a 'Contributors' line) linking to /profile/mobieus. The standing rule is that Patrick Bass / Anthony Roldan / Tom Russell must never be revealed on customer-facing pages — public surfaces should use 'the team' framing. The wiki contributor/byline UI leaks a real internal name to every visitor across the whole knowledge base.

Evidence

Editor byline links to the internal account and prints the real name on every article: `curl -s -L https://support.mobieus.io/know/account-settings | grep -oE 'by <[^>]*>[A-Z][a-z]+ [A-Z][a-z]+'` -> 'by <a href="/profile/mobieus" class="link">Patrick Bass'. Confirmed identical on account-settings, profile-and-identity, notifications, data-export-and-privacy, and rss-feeds (all render 'Last edited by Patrick Bass'). Also appears in the 'Contributors:' footer of each article body.

Suggested fix. Map the wiki author/contributor display to a team handle (e.g. 'the Mobieus team' or the 'mobieus' account display name) instead of the real-name field, or suppress the byline/contributors block on public know pages. Audit all /know articles, not just account/identity, since the leak is wiki-wide.

Filed by the automated tenant-app audit and adversarially evidence-verified. Status: verified. Open — not yet actioned.


Patrick Bass
@mobieus

🚀 Jun 7, 2026 5:25am

Resolved — fixed and deployed. Commit dd336ac47616, shipped dev-first then to all tenants on 2026-06-06.

Fixed the wiki-wide real-name leak on public /know/* pages. The contributors query in show() no longer selects first_name/last_name, and the loaded $revision row has those keys unset, so the byline + contributors block fall back to UsernameHelper::displayName()'s email-safe username form. Added a private stripRealNames() helper and applied it to every other public render path that passes rows through displayName(): index() ($pages + $recentUpdates), show() ($recentUpdates landing), tag() ($pages), and search() ($results). searchJson() already emits only slug/title/summary/updated_at, so it was already safe.

Status: fixed. Thread closed and locked.


Patrick Bass
@mobieus
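A regression check for the leak reported in this thread, added here as an example; it is not code from the original posts or from the Mobieus code base. It applies the report's "Firstname Lastname" grep heuristic to the byline and contributors fields of rendered HTML, plus an exact-match denylist over the whole page. The function name `find_name_leaks`, the sample markup and the `Contributors:` footer layout are assumptions.

```python
import re
from html.parser import HTMLParser

# Same "Firstname Lastname" heuristic as the grep in the report.
REAL_NAME = re.compile(r"\b[A-Z][a-z]+ [A-Z][a-z]+\b")
# Author fields on a rendered article; the value runs to the end of the line.
LABELS = re.compile(r"(Last edited by|Contributors:)\s*([^\n]*)")


class _Text(HTMLParser):
    """Collect visible text, breaking lines at block-level elements."""
    BLOCK = {"p", "div", "footer", "li", "br", "section", "article"}

    def __init__(self):
        super().__init__()
        self.parts = []

    def handle_starttag(self, tag, attrs):
        if tag in self.BLOCK:
            self.parts.append("\n")

    def handle_endtag(self, tag):
        if tag in self.BLOCK:
            self.parts.append("\n")

    def handle_data(self, data):
        self.parts.append(data)


def find_name_leaks(html, denylist=()):
    """Return (where, name) pairs for real names visible on a public page."""
    parser = _Text()
    parser.feed(html)
    parser.close()
    text = "".join(parser.parts)
    leaks = []
    for label, value in LABELS.findall(text):
        leaks += [(label, name) for name in REAL_NAME.findall(value)]
    # Exact match on names that must never appear anywhere on the page.
    for name in denylist:
        if name in text and all(name != found for _, found in leaks):
            leaks.append(("body", name))
    return leaks


# Constructed sample pages (assumed markup, not captured from the site).
LEAKY = ('<article><p>Last edited by <a href="/profile/mobieus" class="link">'
         'Patrick Bass</a></p><p>How to change your account settings.</p>'
         '<footer>Contributors: <a href="/profile/mobieus">Patrick Bass</a>'
         '</footer></article>')
FIXED = LEAKY.replace("Patrick Bass", "mobieus")
```

The pattern check is a heuristic and will also flag any two capitalised words in an author field, so treat hits as items to review rather than confirmed leaks.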
