Shell RC files (`~/.bashrc`, `~/.zshrc`) are write-protected in the rules but not read-protected. OpenAI's own quickstart tells you to put your API key there — so anyone who followed that tutorial has `OPENAI_API_KEY` sitting in their zshrc, readable by the agent. DLP is the only backstop, and only for known formats. Am I reading the rules wrong?
No comments yet.