Also, how exactly is the functionality going to run without manually adding the API key?
Its code to invoke a request to an API. where exactly is the attack surface? It’s not running an endpoint.
Finally, it’s a terminal app. It has access to way more powerful and sensitive tools with higher security risk
To be more accurate I guess i could have said privacy theatre but i think the point stands.
Also, how exactly is the functionality going to run without manually adding the API key?
Its code to invoke a request to an API. where exactly is the attack surface? It’s not running an endpoint.
Finally, it’s a terminal app. It has access to way more powerful and sensitive tools with higher security risk
To be more accurate I guess i could have said privacy theatre but i think the point stands.