Skills

security-ai-keys

Installation
SKILL.md

Security audit patterns for AI API key leakage in applications integrating AI providers.

Core Principles

  • MUST treat AI API keys as secrets and keep them server-side.
  • MUST NOT ship keys to browsers or mobile clients.
  • SHOULD avoid logging keys; redact before logging or error reporting.
  • MUST rotate keys immediately if exposure is suspected.
Installs
73
Repository
igorwarzocha/op…orkflows
GitHub Stars
123
First Seen
Jan 24, 2026
Security Audits
Gen Agent Trust HubFail
SocketPass
SnykPass
security-ai-keys — igorwarzocha/opencode-workflows