Hi,
An automated responsible-disclosure scan found a pattern matching an OpenAI API key in this file:
https://github.com/HKUDS/AI-Researcher/blob/f9a6f8480860c193afff600eeffe3defcee8a978/research_agent/inno/workflow/utils.py
Recommended actions
- Revoke the key immediately → https://platform.openai.com/api-keys
- Remove it from the file and commit the change
- Purge it from git history — the key remains accessible in old commits even after deletion. Use
git filter-repo or BFG Repo Cleaner
- Rotate any dependent services that used this key
This is an automated alert. The key was not tested, validated, or used in any way. If this is a false positive, please close this issue.
Sent by a responsible disclosure scanner to help protect accidentally exposed credentials.
Hi,
An automated responsible-disclosure scan found a pattern matching an OpenAI API key in this file:
https://github.com/HKUDS/AI-Researcher/blob/f9a6f8480860c193afff600eeffe3defcee8a978/research_agent/inno/workflow/utils.py
Recommended actions
git filter-repoor BFG Repo CleanerSent by a responsible disclosure scanner to help protect accidentally exposed credentials.