Hi — an automated scan found what looks like a live OpenAI API key committed to this repository at:
The scanner did not validate the key against the vendor's API — validating someone else's credential would be unauthorized access. Please treat the key as compromised regardless:
- Rotate the key immediately in the vendor's console. Even if you have already removed it from the latest commit, it remains valid in git history.
- Purge the key from history (e.g.
git filter-repo) and force-push.
- Move secrets to environment variables or a secret manager; never commit
.env or equivalent config with live credentials.
The vendor's security team has been notified separately where a contact is known.
This issue was opened by an automated responsible-disclosure tool. Apologies for the noise if it is a false positive — please close the issue and I will not re-open it for this (repo, rule) pair.
Hi — an automated scan found what looks like a live OpenAI API key committed to this repository at:
README_en.mdopenai-t3blbkfjsk-G1cK7...(sha256[:8] =18212b89, length = 51)The scanner did not validate the key against the vendor's API — validating someone else's credential would be unauthorized access. Please treat the key as compromised regardless:
git filter-repo) and force-push..envor equivalent config with live credentials.The vendor's security team has been notified separately where a contact is known.
This issue was opened by an automated responsible-disclosure tool. Apologies for the noise if it is a false positive — please close the issue and I will not re-open it for this
(repo, rule)pair.