Skip to content

[Security Alert] Exposed OpenAI API key detected #85

Description

@hdhdn

Hi,

An automated responsible-disclosure scan found a pattern matching an OpenAI API key in this file:

https://github.com/HKUDS/AI-Researcher/blob/f9a6f8480860c193afff600eeffe3defcee8a978/research_agent/inno/workflow/utils.py

Recommended actions

  1. Revoke the key immediatelyhttps://platform.openai.com/api-keys
  2. Remove it from the file and commit the change
  3. Purge it from git history — the key remains accessible in old commits even after deletion. Use git filter-repo or BFG Repo Cleaner
  4. Rotate any dependent services that used this key

This is an automated alert. The key was not tested, validated, or used in any way. If this is a false positive, please close this issue.


Sent by a responsible disclosure scanner to help protect accidentally exposed credentials.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions