opensouls / terminal-copilot

A smart terminal assistant that helps you find the right command.
Apache License 2.0
572 stars 43 forks source link

Security issue with exposing env variables to OpenAI #4

Closed amir-abdi closed 1 year ago

amir-abdi commented 1 year ago

Why does the prompt need env vars to come up with the right command?

Concern: Credentials are often stored in env variables.

Recommendation: I'd recommend against including env vars unless absolutely necessary.

JoelKronander commented 1 year ago

Only three env variables are used. The three used are often helpful.

Are you thinking of something else?

amir-abdi commented 1 year ago

Referring to this: https://github.com/Methexis-Inc/terminal-copilot/blob/main/copilot/copilot.py#L50

JoelKronander commented 1 year ago

But that list of environs only contain HOME SHELL and USER. (See code above)

They hat should be ok right?

amir-abdi commented 1 year ago

Oh, excuse my carelessness in reviewing your code. I'll close the issue.