Close Open Privacy Scan

bolt Snapshot: commit f012a40
science engine v1.14
schedule 2026-07-17T09:17:11.320093+00:00
update Scan engine updated since this result

verified_user No application data leak found

No high-confidence exfiltration was found in application code. Dependency data flows are listed separately and do not affect this verdict.

smart_toy MCP server detected: anthropic, fastmcp, litellm, mcp +1 more — detected in dependencies, not a safety judgment.
Incomplete scan — only 85/152 dependencies were analyzed. Treat the score as provisional.

App Privacy Score

72 /100
Medium privacy risk

Medium risk · 5441 finding(s)

Dependency score: 0 (High risk)

bar_chart Score Breakdown

egress −15
telemetry −10
env_fs −3

list Scan Summary

1 high 747 medium 4693 low
First-party packages: 2
Dependency packages: 40
Ecosystem: python

swap_horiz Application data flows

No application data flows were found. See dependency data flows below.

hub Dependency data flows (18)
high litellm dependency A credential read from the environment/filesystem flows to an external network call in a non-auth-header position (request body). Review what is sent.
pkgs/python/[email protected]/litellm/proxy_auth/credentials.py:162 pkgs/python/[email protected]/litellm/proxy_auth/credentials.py:161
medium mcp dependency A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/python/[email protected]/src/mcp/client/auth/oauth2.py:433 pkgs/python/[email protected]/src/mcp/client/auth/oauth2.py:452
medium litellm dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket_base.py:96 pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket_base.py:115
medium litellm dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/litellm/integrations/lago.py:178 pkgs/python/[email protected]/litellm/integrations/lago.py:198
medium litellm dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/litellm/integrations/lago.py:178 pkgs/python/[email protected]/litellm/integrations/lago.py:201
medium litellm dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:925 pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:944
medium litellm dependency A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/python/[email protected]/litellm/llms/bedrock/files/handler.py:176 pkgs/python/[email protected]/litellm/llms/bedrock/files/handler.py:192
medium litellm dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/litellm/llms/databricks/common_utils.py:341 pkgs/python/[email protected]/litellm/llms/databricks/common_utils.py:394
medium litellm dependency A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/python/[email protected]/litellm/llms/huggingface/common_utils.py:77 pkgs/python/[email protected]/litellm/llms/huggingface/common_utils.py:83
medium litellm dependency A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/python/[email protected]/litellm/llms/sagemaker/completion/handler.py:592 pkgs/python/[email protected]/litellm/llms/sagemaker/completion/handler.py:665
medium litellm dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/litellm/main.py:2852 pkgs/python/[email protected]/litellm/main.py:2899
medium litellm dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:144 pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:195
medium litellm dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:73 pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:76
medium google-cloud-aiplatform dependency A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/python/[email protected]/agentplatform/_genai/_agent_engines_utils.py:1851 pkgs/python/[email protected]/agentplatform/_genai/_agent_engines_utils.py:1848
medium google-cloud-aiplatform dependency A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/python/[email protected]/agentplatform/agent_engines/_agent_engines.py:1803 pkgs/python/[email protected]/agentplatform/agent_engines/_agent_engines.py:1800
medium google-cloud-aiplatform dependency A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/python/[email protected]/vertexai/_genai/_agent_engines_utils.py:1845 pkgs/python/[email protected]/vertexai/_genai/_agent_engines_utils.py:1842
medium google-cloud-aiplatform dependency A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/python/[email protected]/vertexai/_genai/_agent_engines_utils.py:1960 pkgs/python/[email protected]/vertexai/_genai/_agent_engines_utils.py:1957
medium google-cloud-aiplatform dependency A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/python/[email protected]/vertexai/agent_engines/_agent_engines.py:1794 pkgs/python/[email protected]/vertexai/agent_engines/_agent_engines.py:1791

</> First-Party Code

first-party (python)

python first-party
medium telemetry production #25c748fb77a97ea2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/openhands/analytics/analytics_service.py:18
from posthog import Posthog

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 202 low-confidence finding(s)
low env_fs test-only #7c382885f25f329d Environment-variable access.
repo/.github/scripts/find_prs_between_commits.py:45
    if 'OPENHANDS_REPO' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b7330644a240b8a3 Environment-variable access.
repo/.github/scripts/find_prs_between_commits.py:46
        repo_path = Path(os.environ['OPENHANDS_REPO'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #56d217d019ee0154 Environment-variable access.
repo/.github/scripts/find_prs_between_commits.py:103
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dbf81c1e42082e9d Filesystem access.
repo/openhands/analytics/oss_install_id.py:25
            stored = id_file.read_text().strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #22cce6643489c60e Filesystem access.
repo/openhands/analytics/oss_install_id.py:34
        id_file.write_text(new_id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #de33c93b71d46e75 Environment-variable access.
repo/openhands/app_server/app.py:75
if os.getenv('SERVE_FRONTEND', 'true').lower() == 'true':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #553c53f87dcac607 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/openhands/app_server/app_conversation/app_conversation_router.py:556
        response = await httpx_client.post(
            f'{agent_server_url}/api/conversations/{conversation_id}/events',
            json={
                'role': request.role,
                'content': content_json,
                'run': request.run,
            },
            headers=(
                {'X-Session-API-Key': sandbox.session_api_key}
                if sandbox.session_api_key
                else {}
            ),
            timeout=30.0,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #d6dbd5fed3273298 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/openhands/app_server/app_conversation/app_conversation_router.py:728
        switch_response = await httpx_client.post(
            f'{ctx.agent_server_url}/api/conversations/{conversation_id}/switch_llm',
            json={'llm': llm_payload},
            headers=headers,
            timeout=30.0,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #ad38a279988ffddb Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/openhands/app_server/app_conversation/app_conversation_router.py:825
        switch_response = await httpx_client.post(
            f'{ctx.agent_server_url}/api/conversations/{conversation_id}/switch_acp_model',
            json={'model': request.model},
            headers=headers,
            timeout=30.0,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #30dc789e1cbf3322 Filesystem access.
repo/openhands/app_server/app_conversation/app_conversation_router.py:1194
            with open(temp_file_path, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #dc7b328ce31b6f18 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/openhands/app_server/app_conversation/app_conversation_service_base.py:724
            response = await httpx_client.post(
                f'{agent_server_url}/api/conversations/{conversation_id}/security_analyzer',
                json=payload,
                headers={'X-Session-API-Key': session_api_key},
                timeout=30.0,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #c44a1b251e1a3024 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/openhands/app_server/app_conversation/hook_loader.py:78
    response = await httpx_client.post(
        f'{agent_server_url}/api/hooks',
        json=payload,
        headers=headers,
        timeout=30.0,
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #816fe45359470203 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/openhands/app_server/app_conversation/live_status_app_conversation_service.py:539
            response = await self.httpx_client.post(
                f'{agent_server_url}/api/conversations',
                json=body_json,
                headers=headers,
                timeout=self.sandbox_startup_timeout,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #2afe10e31f917843 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/openhands/app_server/app_conversation/live_status_app_conversation_service.py:1039
                response = await self.httpx_client.post(
                    f'{base_url}/{name}',
                    json={
                        'include_secrets': True,
                        'llm': resolved.model_dump(
                            mode='json',
                            exclude_none=True,
                            context={'expose_secrets': True},
                        ),
                    },
                    headers=headers,
                    timeout=30.0,
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #eca7a71c38c3903b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/openhands/app_server/app_conversation/live_status_app_conversation_service.py:2277
                response = await self.httpx_client.post(
                    f'{agent_server_url}/api/conversations/{conversation_id_str}/events',
                    json={
                        'role': msg.role,
                        'content': content_json,
                        'run': True,
                    },
                    headers={'X-Session-API-Key': session_api_key},
                    timeout=30.0,
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #366eb69554d3fc85 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/openhands/app_server/app_conversation/skill_loader.py:573
            response = await client.post(
                f'{agent_server_url}/api/skills',
                json=payload,
                headers=headers,
                timeout=60.0,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #479a18ca82a03ceb Environment-variable access.
repo/openhands/app_server/config.py:77
    persistence_dir = os.getenv('OH_PERSISTENCE_DIR')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3dfd3c1a4d1293a6 Environment-variable access.
repo/openhands/app_server/config.py:81
        persistence_dir = os.getenv('FILE_STORE_PATH')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b6c68e326f4074cb Environment-variable access.
repo/openhands/app_server/config.py:97
    web_host = os.getenv('WEB_HOST')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #34092df7c06b1b62 Environment-variable access.
repo/openhands/app_server/config.py:110
    legacy = os.getenv('PERMITTED_CORS_ORIGINS', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2843b1dde2355e28 Environment-variable access.
repo/openhands/app_server/config.py:121
    return os.getenv('OPENHANDS_PROVIDER_BASE_URL') or os.getenv('LLM_BASE_URL') or None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f8c51a71a81235a7 Environment-variable access.
repo/openhands/app_server/config.py:129
    return os.getenv('TAVILY_API_KEY') or os.getenv('SEARCH_API_KEY') or None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #265afdbeccca8e3e Environment-variable access.
repo/openhands/app_server/config.py:177
    if 'saas' in (os.getenv('OPENHANDS_CONFIG_CLS') or '').lower():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #394a6b88d2f52bce Environment-variable access.
repo/openhands/app_server/config.py:293
        aws_region = os.getenv('AWS_REGION_NAME')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #17074207d6606b02 Environment-variable access.
repo/openhands/app_server/config.py:294
        aws_key = os.getenv('AWS_ACCESS_KEY_ID')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0bafdad665c1595 Environment-variable access.
repo/openhands/app_server/config.py:295
        aws_secret = os.getenv('AWS_SECRET_ACCESS_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #89cc327a5581b889 Environment-variable access.
repo/openhands/app_server/config.py:301
        ollama_url = os.getenv('OLLAMA_BASE_URL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a298c150bf149a32 Environment-variable access.
repo/openhands/app_server/config.py:312
            bucket_name = os.environ.get('FILE_STORE_PATH')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #23e8ca526ca28977 Environment-variable access.
repo/openhands/app_server/config.py:320
            bucket_name = os.environ.get('FILE_STORE_PATH')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #51cdd33f1489796e Environment-variable access.
repo/openhands/app_server/config.py:334
        if os.getenv('RUNTIME') == 'remote':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ef89b7dbc08f4802 Environment-variable access.
repo/openhands/app_server/config.py:336
                api_key=os.environ['SANDBOX_API_KEY'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3abb31479d5df3e9 Environment-variable access.
repo/openhands/app_server/config.py:337
                api_url=os.environ['SANDBOX_REMOTE_RUNTIME_API_URL'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #05baba8fa251c08d Environment-variable access.
repo/openhands/app_server/config.py:339
        elif os.getenv('RUNTIME') in ('local', 'process'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c3567ec5558e64ab Environment-variable access.
repo/openhands/app_server/config.py:344
            if os.getenv('SANDBOX_HOST_PORT'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #359761160dcd45f2 Environment-variable access.
repo/openhands/app_server/config.py:346
                    os.environ['SANDBOX_HOST_PORT']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7dd95bf988f116a9 Environment-variable access.
repo/openhands/app_server/config.py:348
            if os.getenv('SANDBOX_CONTAINER_URL_PATTERN'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f7229ab34660e167 Environment-variable access.
repo/openhands/app_server/config.py:349
                docker_sandbox_kwargs['container_url_pattern'] = os.environ[

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #64d95f12bc5b7e52 Environment-variable access.
repo/openhands/app_server/config.py:349
                docker_sandbox_kwargs['container_url_pattern'] = os.environ[
                    'SANDBOX_CONTAINER_URL_PATTERN'
                ]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #920c5fc6cf2ddf91 Environment-variable access.
repo/openhands/app_server/config.py:355
            if os.getenv('SANDBOX_STARTUP_GRACE_SECONDS'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6af8152cbca4d060 Environment-variable access.
repo/openhands/app_server/config.py:357
                    os.environ['SANDBOX_STARTUP_GRACE_SECONDS']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c8043e17c3b207b0 Environment-variable access.
repo/openhands/app_server/config.py:361
            sandbox_volumes = os.getenv('SANDBOX_VOLUMES')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #119950f111446f47 Environment-variable access.
repo/openhands/app_server/config.py:389
        if os.getenv('RUNTIME') == 'remote':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #11bcbaa04a7097c2 Environment-variable access.
repo/openhands/app_server/config.py:391
        elif os.getenv('RUNTIME') in ('local', 'process'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2c6f66d765ec33d2 Environment-variable access.
repo/openhands/app_server/constants.py:17
MAX_API_SECRETS_COUNT: int = int(os.getenv('OH_MAX_API_SECRETS_COUNT', '50'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ab4f77917b569261 Environment-variable access.
repo/openhands/app_server/constants.py:22
MAX_API_SECRET_NAME_LENGTH: int = int(os.getenv('OH_MAX_API_SECRET_NAME_LENGTH', '256'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #55edcc9352bc98d6 Environment-variable access.
repo/openhands/app_server/constants.py:28
    os.getenv('OH_MAX_API_SECRET_VALUE_LENGTH', '65536')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #22fdecd0ba23e1ca Environment-variable access.
repo/openhands/app_server/event/aws_event_service.py:81
    endpoint_url = os.getenv('AWS_S3_ENDPOINT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9ae4c7c250e65fc4 Environment-variable access.
repo/openhands/app_server/event/aws_event_service.py:84
    secure = os.getenv('AWS_S3_SECURE', 'true').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9b3b137b1ace091a Environment-variable access.
repo/openhands/app_server/event/event_service_base.py:26
        return max(1, int(os.getenv('EVENT_SERVICE_LOAD_EVENT_CONCURRENCY', '10')))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3ed27cf676a6f544 Filesystem access.
repo/openhands/app_server/event/filesystem_event_service.py:25
            content = path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e019879176b35534 Filesystem access.
repo/openhands/app_server/event/filesystem_event_service.py:36
        path.write_text(content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4ba4207b164fbc1c Filesystem access.
repo/openhands/app_server/file_store/files.py:29
        with open(source_path, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #742cacd6f9a69d36 Environment-variable access.
repo/openhands/app_server/file_store/google_cloud.py:31
        return os.environ['GOOGLE_CLOUD_BUCKET_NAME']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b2cab6b1d720e352 Filesystem access.
repo/openhands/app_server/file_store/local.py:35
            with open(temp_path, mode) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e48653a4a3570e9a Filesystem access.
repo/openhands/app_server/file_store/local.py:61
        with open(full_path, 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4fc84c4a63d33701 Environment-variable access.
repo/openhands/app_server/file_store/s3.py:37
            self._resolved_bucket = self.bucket_name or os.environ['AWS_S3_BUCKET']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #516ba3e85aa07282 Environment-variable access.
repo/openhands/app_server/file_store/s3.py:44
            access_key = os.getenv('AWS_ACCESS_KEY_ID')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #320e855c6b96ebe5 Environment-variable access.
repo/openhands/app_server/file_store/s3.py:45
            secret_key = os.getenv('AWS_SECRET_ACCESS_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #776dd5977b8d009e Environment-variable access.
repo/openhands/app_server/file_store/s3.py:46
            secure = os.getenv('AWS_S3_SECURE', 'true').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cc8f3e780ff151ed Environment-variable access.
repo/openhands/app_server/file_store/s3.py:47
            endpoint = self._ensure_url_scheme(secure, os.getenv('AWS_S3_ENDPOINT'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2733f14ca3684b6c Environment-variable access.
repo/openhands/app_server/integrations/azure_devops/azure_devops_service.py:237
azure_devops_service_cls = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cef2d9e6246d72e2 Environment-variable access.
repo/openhands/app_server/integrations/azure_devops/azure_devops_service.py:237
azure_devops_service_cls = os.environ.get(
    'OPENHANDS_AZURE_DEVOPS_SERVICE_CLS',
    'openhands.app_server.integrations.azure_devops.azure_devops_service.AzureDevOpsService',
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cff9a8cfca285ddd Environment-variable access.
repo/openhands/app_server/integrations/bitbucket/bitbucket_service.py:63
bitbucket_service_cls = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1867cc22d426e123 Environment-variable access.
repo/openhands/app_server/integrations/bitbucket/bitbucket_service.py:63
bitbucket_service_cls = os.environ.get(
    'OPENHANDS_BITBUCKET_SERVICE_CLS',
    'openhands.app_server.integrations.bitbucket.bitbucket_service.BitBucketService',
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6022820fd3aea1e3 Environment-variable access.
repo/openhands/app_server/integrations/bitbucket_data_center/bitbucket_dc_service.py:54
            base_domain = os.environ.get('BITBUCKET_DATA_CENTER_HOST') or None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ba31c7c1c2f8b501 Environment-variable access.
repo/openhands/app_server/integrations/bitbucket_data_center/bitbucket_dc_service.py:81
bitbucket_dc_service_cls = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c73c38332b3ce4d7 Environment-variable access.
repo/openhands/app_server/integrations/bitbucket_data_center/bitbucket_dc_service.py:81
bitbucket_dc_service_cls = os.environ.get(
    'OPENHANDS_BITBUCKET_DATA_CENTER_SERVICE_CLS',
    'openhands.app_server.integrations.bitbucket_data_center.bitbucket_dc_service.BitbucketDCService',
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ba258158b4866c19 Environment-variable access.
repo/openhands/app_server/integrations/forgejo/forgejo_service.py:52
forgejo_service_cls = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #220a6ba9ac330f12 Environment-variable access.
repo/openhands/app_server/integrations/forgejo/forgejo_service.py:52
forgejo_service_cls = os.environ.get(
    'OPENHANDS_FORGEJO_SERVICE_CLS',
    'openhands.app_server.integrations.forgejo.forgejo_service.ForgejoService',
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #98fdd5991179b4da Environment-variable access.
repo/openhands/app_server/integrations/forgejo/service/base.py:51
            env_token = os.environ.get('FORGEJO_TOKEN')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c2e95ee2279e1c4d Environment-variable access.
repo/openhands/app_server/integrations/forgejo/service/base.py:55
        env_base_url = os.environ.get('FORGEJO_BASE_URL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #58d993066512e23c Environment-variable access.
repo/openhands/app_server/integrations/github/github_service.py:74
github_service_cls = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f5d08eb3c7d87a7d Environment-variable access.
repo/openhands/app_server/integrations/github/github_service.py:74
github_service_cls = os.environ.get(
    'OPENHANDS_GITHUB_SERVICE_CLS',
    'openhands.app_server.integrations.github.github_service.GitHubService',
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #47834962b9c5ac15 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/openhands/app_server/integrations/github/service/base.py:104
                response = await client.post(
                    self.GRAPHQL_URL,
                    headers=github_headers,
                    json={'query': query, 'variables': variables},
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #0b2d6d27dcc6a33c Environment-variable access.
repo/openhands/app_server/integrations/gitlab/constants.py:11
    os.environ.get('GITLAB_HOST', 'gitlab.com')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c1a0491454d9bc1a Environment-variable access.
repo/openhands/app_server/integrations/gitlab/gitlab_service.py:79
gitlab_service_cls = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ac164dbf43753fd4 Environment-variable access.
repo/openhands/app_server/integrations/gitlab/gitlab_service.py:79
gitlab_service_cls = os.environ.get(
    'OPENHANDS_GITLAB_SERVICE_CLS',
    'openhands.app_server.integrations.gitlab.gitlab_service.GitLabService',
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #652c82e50cd68b77 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/openhands/app_server/integrations/gitlab/service/base.py:113
                response = await client.post(
                    self.GRAPHQL_URL, headers=gitlab_headers, json=payload
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #03767a3656d3280e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/openhands/app_server/integrations/gitlab/service/base.py:121
                    response = await client.post(
                        self.GRAPHQL_URL, headers=gitlab_headers, json=payload
                    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #70b5fd8acf977ca1 Environment-variable access.
repo/openhands/app_server/integrations/jira_dc/config.py:23
    email = os.getenv('JIRA_DC_SERVICE_ACCOUNT_EMAIL', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eae17fcfe0e8f3b9 Environment-variable access.
repo/openhands/app_server/integrations/jira_dc/config.py:24
    api_key = os.getenv('JIRA_DC_SERVICE_ACCOUNT_PAT', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #21f0d6ddf6315549 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/openhands/app_server/integrations/protocols/http_client.py:75
            return await client.post(url, headers=headers, json=params)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #dd24baefc82cf021 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/openhands/app_server/integrations/protocols/http_client.py:77
            return await client.put(url, headers=headers, json=params)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #26ec1216e5773355 Environment-variable access.
repo/openhands/app_server/integrations/provider.py:145
        WEB_HOST = os.getenv('WEB_HOST', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3299251ac1d0bdf7 Environment-variable access.
repo/openhands/app_server/integrations/provider.py:535
            allow_insecure = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c0c53a9fe5adb821 Environment-variable access.
repo/openhands/app_server/integrations/provider.py:535
            allow_insecure = os.environ.get(
                'ALLOW_INSECURE_GIT_ACCESS', 'false'
            ).lower() in ('true', '1', 'yes')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cee40503f0e2c583 Environment-variable access.
repo/openhands/app_server/mcp/mcp_router.py:45
HOST = f'https://{os.getenv("WEB_HOST", "app.all-hands.dev").strip()}'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #acca7d7aff92eda0 Environment-variable access.
repo/openhands/app_server/sandbox/docker_sandbox_service.py:55
    value = os.getenv('AGENT_SERVER_USE_HOST_NETWORK', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #561f2fc6ac6ce581 Environment-variable access.
repo/openhands/app_server/sandbox/docker_sandbox_service.py:61
    value = os.getenv('SANDBOX_KVM_ENABLED', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e112433ade60f8c5 Environment-variable access.
repo/openhands/app_server/sandbox/dynamic_remote_sandbox_spec_service.py:122
        default_factory=lambda: os.environ.get('SANDBOX_REMOTE_RUNTIME_API_URL', ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #21106b3ac06d36cb Environment-variable access.
repo/openhands/app_server/sandbox/dynamic_remote_sandbox_spec_service.py:126
        default_factory=lambda: os.environ.get('SANDBOX_API_KEY', ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3a6bac72d19bbafe Environment-variable access.
repo/openhands/app_server/sandbox/process_sandbox_service.py:125
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5706d22f5d066e11 Filesystem access.
repo/openhands/app_server/sandbox/process_sandbox_service.py:145
            with open(log_path, 'a', buffering=1) as log_handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #b71c6804a4725d49 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/openhands/app_server/sandbox/remote_sandbox_service.py:138
                return await self.httpx_client.request(
                    method, url, headers={'X-API-Key': self.api_key}, **kwargs
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #64ff4074c03ebdef Environment-variable access.
repo/openhands/app_server/sandbox/sandbox_spec_service.py:121
    repository = os.getenv('AGENT_SERVER_IMAGE_REPOSITORY') or _DEFAULT_REPOSITORY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #649d791efd3ae540 Environment-variable access.
repo/openhands/app_server/sandbox/sandbox_spec_service.py:123
    tag = os.getenv('AGENT_SERVER_IMAGE_TAG') or f'{bundled_version}-python'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e790389a5ffe5142 Environment-variable access.
repo/openhands/app_server/sandbox/sandbox_spec_service.py:201
    for key, value in os.environ.items():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1cd043735bf1e519 Environment-variable access.
repo/openhands/app_server/sandbox/workspace_archive.py:78
    return os.getenv('RUNTIME_FILE_ARCHIVE_ENABLED', 'false').lower() in ('true', '1')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8eafb84a9939f9a7 Environment-variable access.
repo/openhands/app_server/sandbox/workspace_archive.py:83
    return os.getenv('RUNTIME_FILE_ARCHIVE_REQUIRED', 'false').lower() in ('true', '1')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9cac21e7baa65bac Environment-variable access.
repo/openhands/app_server/sandbox/workspace_archive.py:88
    return os.getenv('RUNTIME_FILE_ARCHIVE_ENRICH', 'true').lower() in ('true', '1')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #840dfd9a5a3e3aea Environment-variable access.
repo/openhands/app_server/sandbox/workspace_archive.py:92
    return os.getenv('RUNTIME_FILE_ARCHIVE_BUCKET', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eef7ae08ab29844d Environment-variable access.
repo/openhands/app_server/sandbox/workspace_archive.py:96
    return os.getenv('RUNTIME_FILE_ARCHIVE_PREFIX', 'workspace-archives')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9d8938f6dad6a415 Environment-variable access.
repo/openhands/app_server/sandbox/workspace_archive.py:106
    return os.getenv('RUNTIME_FILE_ARCHIVE_FORMAT', 'both')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #87f6031d038ad276 Environment-variable access.
repo/openhands/app_server/sandbox/workspace_archive.py:131
    raw = os.getenv(name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7926126559d5ab8d Environment-variable access.
repo/openhands/app_server/sandbox/workspace_archive.py:159
    return os.getenv('RUNTIME_FILE_ARCHIVE_STORE_TYPE', 'google_cloud')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #5d6089990ca3b1cd Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/openhands/app_server/sandbox/workspace_archive.py:280
        response = await httpx_client.post(
            f'{agent_server_url}/api/bash/execute_bash_command',
            json={'command': command, 'cwd': cwd, 'timeout': _PROBE_TIMEOUT},
            headers=headers,
            timeout=_PROBE_TIMEOUT + 1,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #e7af093d68b4ca61 Environment-variable access.
repo/openhands/app_server/server_config/server_config.py:10
    config_cls = os.environ.get('OPENHANDS_CONFIG_CLS', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b11a5c1d93035a7d Environment-variable access.
repo/openhands/app_server/server_config/server_config.py:13
    github_client_id = os.environ.get('GITHUB_APP_CLIENT_ID', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e8f19e3dcaf47cb8 Environment-variable access.
repo/openhands/app_server/server_config/server_config.py:14
    enable_billing = os.environ.get('ENABLE_BILLING', 'false') == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #07a3e8c3857c69b6 Environment-variable access.
repo/openhands/app_server/server_config/server_config.py:15
    hide_llm_settings = os.environ.get('HIDE_LLM_SETTINGS', 'false') == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b5ba7ff4fc4f30ea Environment-variable access.
repo/openhands/app_server/server_config/server_config.py:28
    enable_v1: bool = os.getenv('ENABLE_V1') != '0'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1d8042e5e2b348d0 Environment-variable access.
repo/openhands/app_server/server_config/server_config.py:49
    config_cls = os.environ.get('OPENHANDS_CONFIG_CLS', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #539d83b1cb99ad1d Environment-variable access.
repo/openhands/app_server/services/db_session_injector.py:58
            self.host = os.getenv('DB_HOST')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7bc134689cd57048 Environment-variable access.
repo/openhands/app_server/services/db_session_injector.py:60
            self.port = int(os.getenv('DB_PORT', '5432'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #12338d3d5e18ed11 Environment-variable access.
repo/openhands/app_server/services/db_session_injector.py:62
            self.name = os.getenv('DB_NAME', 'openhands')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dc400416c1af1109 Environment-variable access.
repo/openhands/app_server/services/db_session_injector.py:64
            self.user = os.getenv('DB_USER', 'postgres')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3512899ffa45c41e Environment-variable access.
repo/openhands/app_server/services/db_session_injector.py:66
            self.password = SecretStr(os.getenv('DB_PASS', 'postgres').strip())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b4369266100d6537 Environment-variable access.
repo/openhands/app_server/services/db_session_injector.py:68
            self.gcp_db_instance = os.getenv('GCP_DB_INSTANCE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #981da4d048e173e8 Environment-variable access.
repo/openhands/app_server/services/db_session_injector.py:70
            self.gcp_project = os.getenv('GCP_PROJECT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3cb10987eb05a38d Environment-variable access.
repo/openhands/app_server/services/db_session_injector.py:72
            self.gcp_region = os.getenv('GCP_REGION')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f1ab8b7736c6f9d3 Environment-variable access.
repo/openhands/app_server/services/db_session_injector.py:74
            self.ssl_mode = os.getenv('DB_SSL_MODE') or os.getenv('PGSSLMODE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b69cee80d9b51e2e Environment-variable access.
repo/openhands/app_server/services/db_session_injector.py:75
        pool_size = os.getenv('DB_POOL_SIZE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #11ee89f04cd5a201 Environment-variable access.
repo/openhands/app_server/services/db_session_injector.py:78
        max_overflow = os.getenv('DB_MAX_OVERFLOW')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a16019a2d0215365 Environment-variable access.
repo/openhands/app_server/settings/marketplace_composition.py:51
    raw = os.environ.get(MARKETPLACE_LOADING_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7c47c32b33612403 Environment-variable access.
repo/openhands/app_server/settings/marketplace_composition.py:135
    env_value = os.environ.get(INSTANCE_MARKETPLACES_ENV, '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c35f5c12aab4cfab Environment-variable access.
repo/openhands/app_server/settings/settings_router.py:60
LITE_LLM_API_URL = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fdb60af833394de4 Environment-variable access.
repo/openhands/app_server/settings/settings_router.py:60
LITE_LLM_API_URL = os.environ.get(
    'LITE_LLM_API_URL', 'https://llm-proxy.app.all-hands.dev'
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #601d9722446b3c56 Filesystem access.
repo/openhands/app_server/status/system_stats.py:59
        with open(f'/proc/{process.pid}/io', 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #940ea24868387a7b Filesystem access.
repo/openhands/app_server/user/skills_router.py:81
        text = file_path.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4549bc882fe0a17b Environment-variable access.
repo/openhands/app_server/utils/dependencies.py:9
_SESSION_API_KEY = os.getenv('SESSION_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #874d938980a7b32b Environment-variable access.
repo/openhands/app_server/utils/encryption_key.py:35
    jwt_secret = os.getenv('JWT_SECRET')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c2ad20d7faa1f3e9 Filesystem access.
repo/openhands/app_server/utils/encryption_key.py:54
        encryption_keys = type_adapter.validate_json(key_file.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7bdf73125869b6be Filesystem access.
repo/openhands/app_server/utils/encryption_key.py:59
        jwt_secret = jwt_secret_file.read_text().strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c12661af23697c62 Environment-variable access.
repo/openhands/app_server/utils/environment.py:31
    provider = os.environ.get('SHARED_EVENT_STORAGE_PROVIDER', '').lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb073fbf02afb198 Environment-variable access.
repo/openhands/app_server/utils/environment.py:35
        provider = os.environ.get('FILE_STORE', '').lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0eca8767b0ef95f8 Environment-variable access.
repo/openhands/app_server/utils/environment.py:55
    if os.environ.get('DOCKER_CONTAINER') == 'true':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8e9b5072f694da9e Environment-variable access.
repo/openhands/app_server/utils/llm_metadata.py:63
            f'web_host:{os.environ.get("WEB_HOST", "unspecified")}',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b30dfe83224903d4 Environment-variable access.
repo/openhands/app_server/utils/logger.py:25
LOG_LEVEL = os.getenv('LOG_LEVEL', 'INFO').upper()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0f71abf24afbdd66 Environment-variable access.
repo/openhands/app_server/utils/logger.py:26
DEBUG = os.getenv('DEBUG', 'False').lower() in ['true', '1', 'yes']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fd47d17bae25da42 Environment-variable access.
repo/openhands/app_server/utils/logger.py:27
DEBUG_LLM = os.getenv('DEBUG_LLM', 'False').lower() in ['true', '1', 'yes']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #45ff0b0834ccc5ff Environment-variable access.
repo/openhands/app_server/utils/logger.py:30
LOG_JSON = os.getenv('LOG_JSON', 'False').lower() in ['true', '1', 'yes']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f812231f72ce8d18 Environment-variable access.
repo/openhands/app_server/utils/logger.py:31
LOG_JSON_LEVEL_KEY = os.getenv('LOG_JSON_LEVEL_KEY', 'level')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #57ea8d0d1f2e5f08 Environment-variable access.
repo/openhands/app_server/utils/logger.py:55
LOG_TO_FILE = os.getenv('LOG_TO_FILE', str(LOG_LEVEL == 'DEBUG')).lower() in [

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #20c15e334c29d5fe Environment-variable access.
repo/openhands/app_server/utils/logger.py:62
LOG_ALL_EVENTS = os.getenv('LOG_ALL_EVENTS', 'False').lower() in ['true', '1', 'yes']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7ef334f6b0e181aa Environment-variable access.
repo/openhands/app_server/utils/logger.py:65
DEBUG_RUNTIME = os.getenv('DEBUG_RUNTIME', 'False').lower() in ['true', '1', 'yes']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3daaa0df75620e7a Environment-variable access.
repo/openhands/app_server/utils/logger.py:252
        for key, value in os.environ.items():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #854675cbcae46237 Environment-variable access.
repo/openhands/app_server/utils/redis.py:9
REDIS_HOST = os.environ.get('REDIS_HOST', 'localhost')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #55412f4a49247ab3 Environment-variable access.
repo/openhands/app_server/utils/redis.py:10
REDIS_PORT = int(os.environ.get('REDIS_PORT', '6379'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #945c49c6ff436e66 Environment-variable access.
repo/openhands/app_server/utils/redis.py:11
REDIS_PASSWORD = os.environ.get('REDIS_PASSWORD', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b0f93c9ab41592d9 Environment-variable access.
repo/openhands/app_server/utils/redis.py:12
REDIS_DB = int(os.environ.get('REDIS_DB', '0'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e5931f180d90a3cf Filesystem access.
repo/openhands/app_server/version.py:17
                with open(file_path, 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dcdf861b0c1f02f5 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:26
    key = os.getenv('RECAPTCHA_SITE_KEY', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b75526d18f36e560 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:40
    key = os.getenv('POSTHOG_CLIENT_KEY', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #56178840ce91f033 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:49
    url = os.getenv('AUTH_URL', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4cfce25dc125b8f9 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:60
    value = os.getenv('MAINTENANCE_START_TIME', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #91c2c7de0cd030dc Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:71
    return bool(os.getenv('GITLAB_APP_CLIENT_ID', '').strip())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f60d0e640062bb63 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:82
    if os.getenv('GITHUB_APP_CLIENT_ID', '').strip():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9f6227ad9f9c663a Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:88
    if os.getenv('BITBUCKET_APP_CLIENT_ID', '').strip():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #371aef280b2b1e9c Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:91
    if os.getenv('BITBUCKET_DATA_CENTER_CLIENT_ID', '').strip():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6aef1f36d3077175 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:94
    if os.getenv('AZURE_DEVOPS_CLIENT_ID', '').strip():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ad2c69cbf505854f Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:97
    if os.getenv('ENABLE_ENTERPRISE_SSO', '').strip():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c7733f8b8917c1e1 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:109
    slug = os.getenv('GITHUB_APP_SLUG', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd37ed808ca1bbc1 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:116
        os.getenv('SLACK_WEBHOOKS_ENABLED', 'false').lower() in ('true', '1')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e5644a91249d2b8d Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:117
        and bool(os.getenv('SLACK_CLIENT_ID', '').strip())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ff3d38973333241 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:118
        and bool(os.getenv('SLACK_CLIENT_SECRET', '').strip())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bdf12025f9df0735 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:119
        and bool(os.getenv('SLACK_SIGNING_SECRET', '').strip())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1193ddc22c36b61e Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:128
        smtp_enabled = bool(os.getenv('SMTP_HOST', '').strip())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #79a80dd6d586e8d3 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:135
        resend_enabled = bool(os.getenv('RESEND_API_KEY', '').strip())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #433f95ef59eb822f Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:151
    if os.getenv('JIRA_DC_ENABLE_OAUTH', '1') not in ('1', 'true'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2b1402f5b7be1c6e Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:153
    base_url = os.getenv('JIRA_DC_BASE_URL', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8d45673b56d4e52e Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:193
        enable_billing=os.getenv('ENABLE_BILLING', 'false') == 'true',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #80eba41f90791ba6 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:194
        hide_llm_settings=os.getenv('HIDE_LLM_SETTINGS', 'false') == 'true',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6ae3b29bc1be9bb2 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:195
        enable_jira=os.getenv('ENABLE_JIRA', 'false') == 'true',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #78d4e63263e885f5 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:196
        enable_jira_dc=os.getenv('ENABLE_JIRA_DC', 'false') == 'true',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #877654ecf66dcad4 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:197
        enable_linear=os.getenv('ENABLE_LINEAR', 'false') == 'true',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d258693a45b8e875 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:198
        hide_users_page=os.getenv('HIDE_USERS_PAGE', 'false') == 'true',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #10a9acbe95f33fce Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:199
        hide_billing_page=os.getenv('HIDE_BILLING_PAGE', 'false') == 'true',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f75de102edd80b60 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:200
        hide_integrations_page=os.getenv('HIDE_INTEGRATIONS_PAGE', 'false') == 'true',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6c97ad72d51408b6 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:201
        hide_personal_workspaces=os.getenv('HIDE_PERSONAL_WORKSPACES', 'false')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #316be902e2a8d63c Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:203
        allow_user_llm_configuration=os.getenv(
            'OH_ALLOW_USER_LLM_CONFIGURATION', 'true'
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #18cb241b96ed0aae Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:207
        enable_acp=os.getenv('ENABLE_ACP', 'true') == 'true',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #adff100164fcca81 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:208
        enable_onboarding=os.getenv('OH_ENABLE_ONBOARDING', 'false') == 'true',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4fc0bbfb44437b32 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:209
        enable_automations=os.getenv('ENABLE_AUTOMATIONS', 'true') == 'true',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e75915744ae4350e Environment-variable access.
repo/openhands/app_server/web_client/web_client_deployment_mode.py:14
    explicit = os.getenv('OH_DEPLOYMENT_MODE', '').strip().lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e9103f6a43da426a Environment-variable access.
repo/openhands/app_server/web_client/web_client_deployment_mode.py:19
    web_host = os.getenv('OH_WEB_HOST', os.getenv('WEB_HOST', '')).strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #929f6979c8d856b1 Environment-variable access.
repo/openhands/server/__main__.py:19
        port=int(os.environ.get('port') or '3000'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #64e7d9c1d2ad6dfc Environment-variable access.
repo/openhands/server/__main__.py:20
        log_level='debug' if os.environ.get('DEBUG') else 'info',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f68cd39c22a9ef8d Environment-variable access.
repo/scripts/auto_close_duplicate_issues.py:41
    token = os.environ.get('GITHUB_TOKEN')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1aef16a3e0fd65d2 Filesystem access.
repo/scripts/check_enterprise_migration_integrity.py:81
            module = ast.parse(path.read_text(encoding='utf-8'), filename=str(path))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #667d3120a93bf5b9 Environment-variable access.
repo/scripts/issue_duplicate_check_openhands.py:16
OPENHANDS_BASE_URL = os.environ.get('OPENHANDS_BASE_URL', 'https://app.all-hands.dev')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7bfb8e37dc7b8671 Environment-variable access.
repo/scripts/issue_duplicate_check_openhands.py:18
GITHUB_API_BASE_URL = os.environ.get('GITHUB_API_BASE_URL', 'https://api.github.com')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e63ab1f7ba181898 Environment-variable access.
repo/scripts/issue_duplicate_check_openhands.py:81
    github_token = os.environ.get('GITHUB_TOKEN')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #afff0fb96a3ea87f Environment-variable access.
repo/scripts/issue_duplicate_check_openhands.py:88
    api_key = os.environ.get('OPENHANDS_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6af46d3b35063999 Filesystem access.
repo/scripts/issue_duplicate_check_openhands.py:601
        output_path.write_text(json.dumps(result, indent=2, ensure_ascii=False) + '\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d4a19306cd827e49 Environment-variable access.
repo/scripts/issue_good_first_issue_check_openhands.py:16
OPENHANDS_BASE_URL = os.environ.get('OPENHANDS_BASE_URL', 'https://app.all-hands.dev')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3a9ef62b5a3db77e Environment-variable access.
repo/scripts/issue_good_first_issue_check_openhands.py:18
GITHUB_API_BASE_URL = os.environ.get('GITHUB_API_BASE_URL', 'https://api.github.com')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3099cb7b875b29c8 Environment-variable access.
repo/scripts/issue_good_first_issue_check_openhands.py:81
    github_token = os.environ.get('GITHUB_TOKEN')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e2abf9a75f199690 Environment-variable access.
repo/scripts/issue_good_first_issue_check_openhands.py:88
    api_key = os.environ.get('OPENHANDS_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b2f6f6a01522254f Filesystem access.
repo/scripts/issue_good_first_issue_check_openhands.py:544
        output_path.write_text(json.dumps(result, indent=2, ensure_ascii=False) + '\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #24ee50edac3bd119 Environment-variable access.
repo/scripts/update_openapi.py:37
os.environ['OPENHANDS_LOG_LEVEL'] = 'CRITICAL'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bd22d0127d5269c3 Filesystem access.
repo/scripts/update_openapi.py:154
        with open(spec_path, 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a3e21670f5f5ebe8 Filesystem access.
repo/scripts/update_openapi.py:187
    with open(spec_path, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (python): enterprise

python first-party
expand_more 223 low-confidence finding(s)
low env_fs production #73d92eea0a59790b Filesystem access.
repo/enterprise/enterprise_local/convert_to_env.py:18
        with open(yaml_file, 'r') as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7fdb533b883a6639 Filesystem access.
repo/enterprise/enterprise_local/convert_to_env.py:68
        with open(output_env_file, 'a') as env_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ac6e4a4bcca82a57 Environment-variable access.
repo/enterprise/enterprise_local/convert_to_env.py:75
lite_llm_api_key = os.getenv('LITE_LLM_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6465a7ab1b05c1e2 Filesystem access.
repo/enterprise/enterprise_local/convert_to_env.py:127
with open(output_env_file, 'a') as env_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #0166b228987d9ffa Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/integrations/azure_devops/azure_devops_v1_callback_processor.py:133
            response = await httpx_client.post(
                url, json=payload, headers=headers, timeout=30.0
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #741acc493fa4f7e9 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/integrations/bitbucket/bitbucket_v1_callback_processor.py:123
            response = await httpx_client.post(
                url, json=payload, headers=headers, timeout=30.0
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #687a0d1ee311263e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/integrations/bitbucket_data_center/bitbucket_dc_v1_callback_processor.py:123
            response = await httpx_client.post(
                url, json=payload, headers=headers, timeout=30.0
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #9a0c186fa14c94e9 Environment-variable access.
repo/enterprise/integrations/github/data_collector.py:51
    os.getenv('COLLECT_GITHUB_INTERACTIONS', 'false') == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #f400fd024b2b3745 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/integrations/gitlab/gitlab_v1_callback_processor.py:163
            response = await httpx_client.post(
                url,
                json=payload,
                headers=headers,
                timeout=30.0,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #3d2efff6612e5b78 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/integrations/jira/jira_manager.py:350
            response = await client.post(
                url, auth=(svc_acc_email, svc_acc_api_key), json=data
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #5057f44026ab7d49 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/integrations/jira/jira_v1_callback_processor.py:173
            response = await httpx_client.post(
                url,
                json=payload,
                headers=headers,
                timeout=JIRA_HTTP_TIMEOUT,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #58dff722e4af9a45 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/integrations/jira/jira_v1_callback_processor.py:241
            response = await client.post(
                comment_url,
                auth=(self.svc_acc_email, self.decrypted_api_key),
                json=comment_body,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #9fbf4fbd5e997012 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/integrations/jira_dc/jira_dc_manager.py:818
            response = await client.post(url, headers=headers, json=data)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #f7d924d4fb78074a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/integrations/jira_dc/jira_dc_manager.py:846
            response = await client.post(url, headers=headers, json=data)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #3becc2e769401476 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/integrations/jira_dc/jira_dc_manager.py:924
                response = await client.put(
                    f'{collection_url}/{webhook_id}',
                    headers=headers,
                    json={**payload, 'id': webhook_id},
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #ceddfa9c96c42a32 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/integrations/jira_dc/jira_dc_manager.py:933
            response = await client.post(
                collection_url, headers=headers, json={**payload, 'id': None}
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #53f6a4ce633d74c9 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/integrations/jira_dc/jira_dc_user_token.py:87
            response = await client.post(
                JIRA_DC_TOKEN_URL,
                data={
                    'grant_type': 'refresh_token',
                    'client_id': JIRA_DC_CLIENT_ID,
                    'client_secret': JIRA_DC_CLIENT_SECRET,
                    'refresh_token': refresh_token,
                },
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #2d3aca0a811e7c49 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/integrations/jira_dc/jira_dc_v1_callback_processor.py:183
            response = await httpx_client.post(
                url,
                json=payload,
                headers=headers,
                timeout=JIRA_DC_HTTP_TIMEOUT,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #4b72a87df01c7469 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/integrations/jira_dc/jira_dc_v1_callback_processor.py:262
            response = await client.post(
                comment_url,
                headers=headers,
                json=comment_body,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #2154ed2cd655c79c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/integrations/jira_dc/jira_dc_view.py:326
                response = await httpx_client.post(
                    url,
                    json=payload,
                    headers=headers,
                    timeout=JIRA_DC_HTTP_TIMEOUT,
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #9d2865bb31dbf3b8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/integrations/slack/slack_manager.py:301
                response = await client.post(response_url, json=message)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #adbd252dbbd20c85 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/integrations/slack/slack_view.py:434
                response = await httpx_client.post(
                    url,
                    json=payload,
                    headers=headers,
                    timeout=30.0,
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #17c6e368815d8649 Environment-variable access.
repo/enterprise/integrations/utils.py:23
    os.getenv('ENABLE_PROACTIVE_CONVERSATION_STARTERS', 'false').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #02212f0b70ef828f Environment-variable access.
repo/enterprise/integrations/utils.py:107
    os.getenv('OPENHANDS_RESOLVER_TEMPLATES_DIR')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #031c3d48c98c0cf4 Environment-variable access.
repo/enterprise/integrations/utils.py:130
    override = os.getenv('OH_RESOLVER_LABEL', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #df2f14fb55cab8e9 Environment-variable access.
repo/enterprise/migrations/env.py:24
DB_USER = os.getenv('DB_USER', 'postgres')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #658fb9fc06e5ee27 Environment-variable access.
repo/enterprise/migrations/env.py:25
DB_PASS = os.getenv('DB_PASS', 'postgres')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #18fd9b6241f33ff3 Environment-variable access.
repo/enterprise/migrations/env.py:26
DB_HOST = os.getenv('DB_HOST', 'localhost')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fe4f6b797ed15515 Environment-variable access.
repo/enterprise/migrations/env.py:27
DB_PORT = os.getenv('DB_PORT', '5432')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f7188c75380f4fe5 Environment-variable access.
repo/enterprise/migrations/env.py:28
DB_NAME = os.getenv('DB_NAME', 'openhands')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b67df48069634aff Environment-variable access.
repo/enterprise/migrations/env.py:33
DB_DRIVER = os.getenv('DB_DRIVER', 'pg8000')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #edcb49d0a92a8961 Environment-variable access.
repo/enterprise/migrations/env.py:34
DB_SSL_MODE = os.getenv('DB_SSL_MODE') or os.getenv('PGSSLMODE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fafef618d3247741 Environment-variable access.
repo/enterprise/migrations/env.py:36
GCP_DB_INSTANCE = os.getenv('GCP_DB_INSTANCE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0b1e23c620a75992 Environment-variable access.
repo/enterprise/migrations/env.py:37
GCP_PROJECT = os.getenv('GCP_PROJECT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #801f23dcf52fdb28 Environment-variable access.
repo/enterprise/migrations/env.py:38
GCP_REGION = os.getenv('GCP_REGION')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d99f298d911be7e5 Environment-variable access.
repo/enterprise/migrations/env.py:40
POOL_SIZE = int(os.getenv('DB_POOL_SIZE', '25'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4f1d912e05a1e463 Environment-variable access.
repo/enterprise/migrations/env.py:41
MAX_OVERFLOW = int(os.getenv('DB_MAX_OVERFLOW', '10'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cac049f2c74caef0 Environment-variable access.
repo/enterprise/migrations/versions/019_remove_duplicates_from_stripe.py:28
    if 'STRIPE_API_KEY' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #53dc888073013f6e Environment-variable access.
repo/enterprise/migrations/versions/019_remove_duplicates_from_stripe.py:32
    stripe.api_key = os.environ['STRIPE_API_KEY']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #62b4a0c0de32808b Environment-variable access.
repo/enterprise/migrations/versions/099_create_user_authorizations_table.py:34
    blacklist_patterns = os.environ.get('EMAIL_PATTERN_BLACKLIST', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2f7860d74e270b7d Environment-variable access.
repo/enterprise/migrations/versions/099_create_user_authorizations_table.py:35
    whitelist_patterns = os.environ.get('EMAIL_PATTERN_WHITELIST', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f750006766562778 Environment-variable access.
repo/enterprise/saas_server.py:8
if not os.getenv('OPENHANDS_CONFIG_CLS'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f8c9c2c34dd54c2b Environment-variable access.
repo/enterprise/saas_server.py:9
    os.environ['OPENHANDS_CONFIG_CLS'] = 'server.config.SaaSServerConfig'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #19293909a2d7f361 Environment-variable access.
repo/enterprise/saas_server.py:13
os.environ['SERVE_FRONTEND'] = 'false'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #50c13eacb82048e5 Environment-variable access.
repo/enterprise/saas_server.py:82
directory = os.getenv('FRONTEND_DIRECTORY', './frontend/build')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1326419afad63f2d Environment-variable access.
repo/enterprise/server/app_lifespan/saas_app_lifespan_service.py:27
        api_key = os.environ.get('POSTHOG_CLIENT_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #960447e9af45e699 Environment-variable access.
repo/enterprise/server/app_lifespan/saas_app_lifespan_service.py:28
        host = os.environ.get('POSTHOG_HOST', 'https://us.i.posthog.com')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #296bfd8e9384b69b Environment-variable access.
repo/enterprise/server/auth/constants.py:5
GITHUB_APP_CLIENT_ID = os.getenv('GITHUB_APP_CLIENT_ID', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2299d06d4c94adb6 Environment-variable access.
repo/enterprise/server/auth/constants.py:6
GITHUB_APP_CLIENT_SECRET = os.getenv('GITHUB_APP_CLIENT_SECRET', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eb873e23ad2abf82 Environment-variable access.
repo/enterprise/server/auth/constants.py:7
GITHUB_APP_WEBHOOK_SECRET = os.getenv('GITHUB_APP_WEBHOOK_SECRET', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1f92cc047fe35ce5 Environment-variable access.
repo/enterprise/server/auth/constants.py:8
GITHUB_APP_PRIVATE_KEY = os.getenv('GITHUB_APP_PRIVATE_KEY', '').replace('\\n', '\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3b5846721ee5d308 Environment-variable access.
repo/enterprise/server/auth/constants.py:9
KEYCLOAK_SERVER_URL = os.getenv('KEYCLOAK_SERVER_URL', '').rstrip('/')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #527c200e62d971a6 Environment-variable access.
repo/enterprise/server/auth/constants.py:10
KEYCLOAK_REALM_NAME = os.getenv('KEYCLOAK_REALM_NAME', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b703fb44be8f7363 Environment-variable access.
repo/enterprise/server/auth/constants.py:11
KEYCLOAK_CLIENT_ID = os.getenv('KEYCLOAK_CLIENT_ID', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f13d2bd52669b29d Environment-variable access.
repo/enterprise/server/auth/constants.py:12
KEYCLOAK_CLIENT_SECRET = os.getenv('KEYCLOAK_CLIENT_SECRET', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bc2db79be884f338 Environment-variable access.
repo/enterprise/server/auth/constants.py:13
KEYCLOAK_SERVER_URL_EXT = os.getenv(
    'KEYCLOAK_SERVER_URL_EXT', f'https://{os.getenv("AUTH_WEB_HOST", "")}'
).rstrip('/')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #907396b625640b3f Environment-variable access.
repo/enterprise/server/auth/constants.py:14
    'KEYCLOAK_SERVER_URL_EXT', f'https://{os.getenv("AUTH_WEB_HOST", "")}'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5aaf5a4d3e51a30f Environment-variable access.
repo/enterprise/server/auth/constants.py:16
KEYCLOAK_ADMIN_PASSWORD = os.getenv('KEYCLOAK_ADMIN_PASSWORD', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #de44ed476b0adc9b Environment-variable access.
repo/enterprise/server/auth/constants.py:17
GITLAB_APP_CLIENT_ID = os.getenv('GITLAB_APP_CLIENT_ID', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c846127d6f453d00 Environment-variable access.
repo/enterprise/server/auth/constants.py:18
GITLAB_APP_CLIENT_SECRET = os.getenv('GITLAB_APP_CLIENT_SECRET', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd3bc79cd6e0f44f Environment-variable access.
repo/enterprise/server/auth/constants.py:20
BITBUCKET_APP_CLIENT_ID = os.getenv('BITBUCKET_APP_CLIENT_ID', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4f85b36015d652f5 Environment-variable access.
repo/enterprise/server/auth/constants.py:21
BITBUCKET_APP_CLIENT_SECRET = os.getenv('BITBUCKET_APP_CLIENT_SECRET', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4420d29623137f1b Environment-variable access.
repo/enterprise/server/auth/constants.py:22
AZURE_DEVOPS_CLIENT_ID = os.getenv('AZURE_DEVOPS_CLIENT_ID', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4278609c7f487eeb Environment-variable access.
repo/enterprise/server/auth/constants.py:23
AZURE_DEVOPS_CLIENT_SECRET = os.getenv('AZURE_DEVOPS_CLIENT_SECRET', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1b9d42688f051f16 Environment-variable access.
repo/enterprise/server/auth/constants.py:24
AZURE_DEVOPS_TENANT_ID = os.getenv('AZURE_DEVOPS_TENANT_ID', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #45f03452d016f0fb Environment-variable access.
repo/enterprise/server/auth/constants.py:25
AZURE_DEVOPS_ORGANIZATION = os.getenv('AZURE_DEVOPS_ORGANIZATION', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd2b3a764155e84c Environment-variable access.
repo/enterprise/server/auth/constants.py:26
AZURE_DEVOPS_WEBHOOK_SECRET = os.getenv('AZURE_DEVOPS_WEBHOOK_SECRET', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #722a333d939099c6 Environment-variable access.
repo/enterprise/server/auth/constants.py:27
AZURE_DEVOPS_SCOPE = os.getenv(
    'AZURE_DEVOPS_SCOPE', 'https://app.vssps.visualstudio.com/.default'
).strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8df7f67ecbaa0a6b Environment-variable access.
repo/enterprise/server/auth/constants.py:35
ENABLE_ENTERPRISE_SSO = os.getenv('ENABLE_ENTERPRISE_SSO', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8d6d547656709eeb Environment-variable access.
repo/enterprise/server/auth/constants.py:36
ENABLE_JIRA = os.environ.get('ENABLE_JIRA', 'false') == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #341c37934dde1a9c Environment-variable access.
repo/enterprise/server/auth/constants.py:37
ENABLE_JIRA_DC = os.environ.get('ENABLE_JIRA_DC', 'false') == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ac3183a0572e00b1 Environment-variable access.
repo/enterprise/server/auth/constants.py:38
ENABLE_LINEAR = os.environ.get('ENABLE_LINEAR', 'false') == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #23cc9ab815622328 Environment-variable access.
repo/enterprise/server/auth/constants.py:39
ENABLE_AUTOMATIONS = os.environ.get('ENABLE_AUTOMATIONS', 'true') == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1714dd4010c31366 Environment-variable access.
repo/enterprise/server/auth/constants.py:40
JIRA_CLIENT_ID = os.getenv('JIRA_CLIENT_ID', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7bc38e320e856e7e Environment-variable access.
repo/enterprise/server/auth/constants.py:41
JIRA_CLIENT_SECRET = os.getenv('JIRA_CLIENT_SECRET', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #890ca378c4ab3a68 Environment-variable access.
repo/enterprise/server/auth/constants.py:43
JIRA_HTTP_TIMEOUT = float(os.getenv('JIRA_HTTP_TIMEOUT', '30'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5286819c6fb907d4 Environment-variable access.
repo/enterprise/server/auth/constants.py:44
LINEAR_CLIENT_ID = os.getenv('LINEAR_CLIENT_ID', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #78b85824b6c69f26 Environment-variable access.
repo/enterprise/server/auth/constants.py:45
LINEAR_CLIENT_SECRET = os.getenv('LINEAR_CLIENT_SECRET', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d54d35804abe796e Environment-variable access.
repo/enterprise/server/auth/constants.py:46
JIRA_DC_CLIENT_ID = os.getenv('JIRA_DC_CLIENT_ID', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c8f43da7e29dd7c7 Environment-variable access.
repo/enterprise/server/auth/constants.py:47
JIRA_DC_CLIENT_SECRET = os.getenv('JIRA_DC_CLIENT_SECRET', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ed27b7b889106069 Environment-variable access.
repo/enterprise/server/auth/constants.py:48
JIRA_DC_BASE_URL = os.getenv('JIRA_DC_BASE_URL', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #09a4ae64b20c9ae4 Environment-variable access.
repo/enterprise/server/auth/constants.py:49
JIRA_DC_ENABLE_OAUTH = os.getenv('JIRA_DC_ENABLE_OAUTH', '1') in ('1', 'true')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7addc357574b739f Environment-variable access.
repo/enterprise/server/auth/constants.py:50
JIRA_DC_SERVICE_ACCOUNT_EMAIL = os.getenv('JIRA_DC_SERVICE_ACCOUNT_EMAIL', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d4083ed7f749b021 Environment-variable access.
repo/enterprise/server/auth/constants.py:51
JIRA_DC_SERVICE_ACCOUNT_PAT = os.getenv('JIRA_DC_SERVICE_ACCOUNT_PAT', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5f48d2988522ae0d Environment-variable access.
repo/enterprise/server/auth/constants.py:53
JIRA_DC_HTTP_TIMEOUT = float(os.getenv('JIRA_DC_HTTP_TIMEOUT', '30'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ae70fb018771e124 Environment-variable access.
repo/enterprise/server/auth/constants.py:54
AUTH_URL = os.getenv('AUTH_URL', '').rstrip('/')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e8b7208ed453732c Environment-variable access.
repo/enterprise/server/auth/constants.py:55
ROLE_CHECK_ENABLED = os.getenv('ROLE_CHECK_ENABLED', 'false').lower() in (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #de48f77ea630bcee Environment-variable access.
repo/enterprise/server/auth/constants.py:64
DUPLICATE_EMAIL_CHECK = os.getenv('DUPLICATE_EMAIL_CHECK', 'true') in ('1', 'true')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5e9cfbb8168bf6f0 Environment-variable access.
repo/enterprise/server/auth/constants.py:65
BITBUCKET_DATA_CENTER_CLIENT_ID = os.getenv(
    'BITBUCKET_DATA_CENTER_CLIENT_ID', ''
).strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e8ddd7bb7ec2b6bf Environment-variable access.
repo/enterprise/server/auth/constants.py:68
BITBUCKET_DATA_CENTER_CLIENT_SECRET = os.getenv(
    'BITBUCKET_DATA_CENTER_CLIENT_SECRET', ''
).strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a423ea3f7bbc3014 Environment-variable access.
repo/enterprise/server/auth/constants.py:71
BITBUCKET_DATA_CENTER_HOST = os.getenv('BITBUCKET_DATA_CENTER_HOST', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #57a62c221342ddc5 Environment-variable access.
repo/enterprise/server/auth/constants.py:78
BITBUCKET_DATA_CENTER_BOT_TOKEN = os.getenv(
    'BITBUCKET_DATA_CENTER_BOT_TOKEN', ''
).strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0a22bde74956df02 Environment-variable access.
repo/enterprise/server/auth/constants.py:84
BITBUCKET_DATA_CENTER_BOT_USERNAME = os.getenv(
    'BITBUCKET_DATA_CENTER_BOT_USERNAME', ''
).strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9cfb3c11538d0d07 Environment-variable access.
repo/enterprise/server/auth/constants.py:92
RECAPTCHA_PROJECT_ID = os.getenv('RECAPTCHA_PROJECT_ID', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #95f113a35ef67673 Environment-variable access.
repo/enterprise/server/auth/constants.py:93
RECAPTCHA_SITE_KEY = os.getenv('RECAPTCHA_SITE_KEY', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c73acd5c4b2681a6 Environment-variable access.
repo/enterprise/server/auth/constants.py:94
RECAPTCHA_HMAC_SECRET = os.getenv('RECAPTCHA_HMAC_SECRET', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2dd1963a372aa9ed Environment-variable access.
repo/enterprise/server/auth/constants.py:95
RECAPTCHA_BLOCK_THRESHOLD = float(os.getenv('RECAPTCHA_BLOCK_THRESHOLD', '0.3'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd38a3b91e7ed222 Environment-variable access.
repo/enterprise/server/auth/constants.py:98
AUTOMATION_SERVICE_URL = os.getenv('AUTOMATION_SERVICE_URL', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7d8e37390d6a5bf2 Environment-variable access.
repo/enterprise/server/auth/constants.py:106
AUTOMATION_EVENT_FORWARDING_ENABLED = os.getenv(
    'AUTOMATION_EVENT_FORWARDING_ENABLED', 'false'
) in ('1', 'true')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bdd35c6461dc3357 Environment-variable access.
repo/enterprise/server/auth/constants.py:110
AUTOMATION_WEBHOOK_SECRET = os.getenv('AUTOMATION_WEBHOOK_SECRET', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0a92e39b28344bbb Environment-variable access.
repo/enterprise/server/auth/constants.py:112
AUTOMATION_SERVICE_TIMEOUT = int(os.getenv('AUTOMATION_SERVICE_TIMEOUT', '30'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #66c118df83204e0f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/server/auth/token_manager.py:404
            response = await client.post(url, data=payload)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #6f2d7c85b45ab4c8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/server/auth/token_manager.py:432
            response = await client.post(url, data=payload)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #5609db643829ddea Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/server/auth/token_manager.py:462
            response = await client.post(url, data=data, headers=headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #b021f634e9133fc4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/server/auth/token_manager.py:489
            response = await client.post(url, data=payload)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #dc508f7914620504 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/server/auth/token_manager.py:520
            response = await client.post(AZURE_DEVOPS_TOKEN_URL, data=payload)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #234a76bb1792abc0 Environment-variable access.
repo/enterprise/server/config.py:57
    config_cls: str = os.environ.get('OPENHANDS_CONFIG_CLS', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8566b9e555011354 Environment-variable access.
repo/enterprise/server/config.py:59
    posthog_client_key: str = os.environ.get('POSTHOG_CLIENT_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #263a20c6ee70379f Environment-variable access.
repo/enterprise/server/config.py:60
    github_client_id: str = os.environ.get('GITHUB_APP_CLIENT_ID', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #284fc4ca616c74e4 Environment-variable access.
repo/enterprise/server/config.py:61
    enable_billing = os.environ.get('ENABLE_BILLING', 'false') == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a67878ff17e0ad41 Environment-variable access.
repo/enterprise/server/config.py:62
    hide_llm_settings = os.environ.get('HIDE_LLM_SETTINGS', 'false') == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #013d61e8efdfb575 Environment-variable access.
repo/enterprise/server/config.py:63
    auth_url: str | None = os.environ.get('AUTH_URL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #60790b9367aabbfe Environment-variable access.
repo/enterprise/server/config.py:75
    maintenance_start_time: str = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2fe0f01a3b14c474 Environment-variable access.
repo/enterprise/server/config.py:75
    maintenance_start_time: str = os.environ.get(
        'MAINTENANCE_START_TIME', ''
    )  # Timestamp in EST e.g 2025-07-29T14:18:01.219616-04:00

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a31360ac2247f47 Environment-variable access.
repo/enterprise/server/config.py:82
    enable_onboarding = os.environ.get('OH_ENABLE_ONBOARDING', 'false') == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #edc976775fc88bd7 Hardcoded external endpoint. Review what data is sent to this destination.
repo/enterprise/server/config.py:118
        response = requests.get('https://api.github.com/app', headers=headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #bfc9b940e93bbe5a Environment-variable access.
repo/enterprise/server/constants.py:5
HOST = os.getenv('WEB_HOST', 'app.all-hands.dev').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #62aadca9eae24eb1 Environment-variable access.
repo/enterprise/server/constants.py:26
BYOR_KEY_ALIAS_PATTERN = os.getenv(
    'BYOR_KEY_ALIAS_PATTERN', 'BYOR Key - user {user_id}, org {org_id}'
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a6b4a24b4312cbc9 Environment-variable access.
repo/enterprise/server/constants.py:49
    explicit = os.getenv('OH_DEPLOYMENT_MODE', '').strip().lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #95d7c5eca56fc384 Environment-variable access.
repo/enterprise/server/constants.py:65
DEFAULT_BILLING_MARGIN = float(os.environ.get('DEFAULT_BILLING_MARGIN', '1.0'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #57308d07b8c33944 Environment-variable access.
repo/enterprise/server/constants.py:78
LITELLM_DEFAULT_MODEL = os.getenv('LITELLM_DEFAULT_MODEL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f0ac0b4e87584291 Environment-variable access.
repo/enterprise/server/constants.py:79
OPENHANDS_LLM_PROVIDER_ROUTE = os.getenv('OPENHANDS_LLM_PROVIDER_ROUTE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c63d985d102c44b6 Environment-variable access.
repo/enterprise/server/constants.py:80
OPENHANDS_DEFAULT_LLM_MODEL = os.getenv('OPENHANDS_DEFAULT_LLM_MODEL') or os.getenv(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7efb316959107ea7 Environment-variable access.
repo/enterprise/server/constants.py:80
OPENHANDS_DEFAULT_LLM_MODEL = os.getenv('OPENHANDS_DEFAULT_LLM_MODEL') or os.getenv(
    'LLM_MODEL'
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4bd3a8fc25761f90 Environment-variable access.
repo/enterprise/server/constants.py:83
OPENHANDS_DEFAULT_LLM_BASE_URL = os.getenv(
    'OPENHANDS_DEFAULT_LLM_BASE_URL'
) or os.getenv('LLM_BASE_URL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #31eb7b3dae713c5b Environment-variable access.
repo/enterprise/server/constants.py:85
) or os.getenv('LLM_BASE_URL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f5dc915da86e02be Environment-variable access.
repo/enterprise/server/constants.py:86
OPENHANDS_DEFAULT_LLM_API_KEY = os.getenv('OPENHANDS_DEFAULT_LLM_API_KEY') or os.getenv(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1dd864a71b650571 Environment-variable access.
repo/enterprise/server/constants.py:86
OPENHANDS_DEFAULT_LLM_API_KEY = os.getenv('OPENHANDS_DEFAULT_LLM_API_KEY') or os.getenv(
    'LLM_API_KEY'
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #19243f1a5725524c Environment-variable access.
repo/enterprise/server/constants.py:94
LITE_LLM_API_URL = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4c4b91cd4cfe2463 Environment-variable access.
repo/enterprise/server/constants.py:94
LITE_LLM_API_URL = os.environ.get(
    'LITE_LLM_API_URL', 'https://llm-proxy.app.all-hands.dev'
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #de467182e49008d3 Environment-variable access.
repo/enterprise/server/constants.py:97
LITE_LLM_TEAM_ID = os.environ.get('LITE_LLM_TEAM_ID', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #686a0792764a4897 Environment-variable access.
repo/enterprise/server/constants.py:98
LITE_LLM_API_KEY = os.environ.get('LITE_LLM_API_KEY', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5791dc03e032d696 Environment-variable access.
repo/enterprise/server/constants.py:114
STRIPE_API_KEY = os.environ.get('STRIPE_API_KEY', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #df9c0c6990a05ad8 Environment-variable access.
repo/enterprise/server/constants.py:115
REQUIRE_PAYMENT = os.environ.get('REQUIRE_PAYMENT', '0') in ('1', 'true')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #20c4460829460485 Environment-variable access.
repo/enterprise/server/constants.py:117
SLACK_CLIENT_ID = os.environ.get('SLACK_CLIENT_ID', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #414b9ee0075b56fb Environment-variable access.
repo/enterprise/server/constants.py:118
SLACK_CLIENT_SECRET = os.environ.get('SLACK_CLIENT_SECRET', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2167848c2701cab7 Environment-variable access.
repo/enterprise/server/constants.py:119
SLACK_SIGNING_SECRET = os.environ.get('SLACK_SIGNING_SECRET', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #225a8c0e453ae270 Environment-variable access.
repo/enterprise/server/constants.py:120
SLACK_WEBHOOKS_ENABLED = os.environ.get('SLACK_WEBHOOKS_ENABLED', '0') in ('1', 'true')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #69fd50aa51d61c1c Environment-variable access.
repo/enterprise/server/constants.py:122
WEB_HOST = os.getenv('WEB_HOST', 'app.all-hands.dev').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #87335555e2c192cf Environment-variable access.
repo/enterprise/server/constants.py:125
    for host in (os.getenv('PERMITTED_CORS_ORIGINS') or f'https://{WEB_HOST}').split(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0282c22823c6ee17 Environment-variable access.
repo/enterprise/server/constants.py:131
DEFAULT_V1_ENABLED = os.getenv('DEFAULT_V1_ENABLED', '1').lower() in ('1', 'true')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #73990f4c32bdbc4c Environment-variable access.
repo/enterprise/server/constants.py:139
USER_PROVISIONING_ENABLED = os.getenv('USER_PROVISIONING_ENABLED', 'false').lower() in (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cc875d62c9d3a029 Environment-variable access.
repo/enterprise/server/constants.py:149
OPEN_ORG_CREATION_ENABLED = os.getenv('OPEN_ORG_CREATION_ENABLED', 'false').lower() in (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f176554d6a9b3cc1 Environment-variable access.
repo/enterprise/server/logger.py:13
LOG_JSON = os.getenv('LOG_JSON', '1') == '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8744d92386e3297a Environment-variable access.
repo/enterprise/server/logger.py:14
LOG_LEVEL = os.getenv('LOG_LEVEL', 'INFO').upper()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #63609f7b4c8f07c3 Environment-variable access.
repo/enterprise/server/logger.py:15
DEBUG = os.getenv('DEBUG', 'False').lower() in ['true', '1', 'yes']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #92fb45b1b56a087b Environment-variable access.
repo/enterprise/server/logger.py:26
LOG_JSON_FOR_CONSOLE = int(os.getenv('LOG_JSON_FOR_CONSOLE', '0'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #241f138194d2860b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/server/routes/api_keys.py:228
@api_router.post('', tags=['Keys'])

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #80234f7964777f74 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/server/routes/api_keys.py:502
@api_router.post('/llm/byor/refresh', tags=['Keys'])

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #e0d09fb67d4624b4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/server/routes/auth.py:704
@api_router.post('/authenticate')

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #38d409cc61c50476 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/server/routes/auth.py:949
@api_router.post('/accept_tos')

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #db61c5f8f5a61fb3 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/server/routes/auth.py:1095
@api_router.post('/complete_onboarding')

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #2ce268f00e405b13 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/server/routes/auth.py:1168
@api_router.post('/logout')

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #ed5c895c6997f38c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/server/routes/email.py:45
@api_router.post('')

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #9730a3e3cf2f29a5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/server/routes/email.py:116
@api_router.put('/resend')

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #f7167b18091b0efb Environment-variable access.
repo/enterprise/server/routes/github_proxy.py:14
GITHUB_PROXY_ENDPOINTS = bool(os.environ.get('GITHUB_PROXY_ENDPOINTS'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #145c035bbcb84cbc Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/server/routes/github_proxy.py:94
            response = await client.post(url, content=body)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #bd52020f323916df Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/server/routes/github_proxy.py:108
            response = await client.post(url, content=body, headers=request.headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #e25455660aaba506 Environment-variable access.
repo/enterprise/server/routes/integration/github.py:22
GITHUB_WEBHOOKS_ENABLED = os.environ.get('GITHUB_WEBHOOKS_ENABLED', '1') in (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5e7403d7b2f886c4 Environment-variable access.
repo/enterprise/server/routes/integration/jira.py:27
JIRA_WEBHOOKS_ENABLED = os.environ.get('JIRA_WEBHOOKS_ENABLED', '0') in (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #9ae9b67e72f9e779 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/server/routes/integration/jira.py:485
        response = await client.post(JIRA_TOKEN_URL, json=token_payload)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #e99e05f29184a539 Environment-variable access.
repo/enterprise/server/routes/integration/jira_dc.py:56
JIRA_DC_WEBHOOKS_ENABLED = os.environ.get('JIRA_DC_WEBHOOKS_ENABLED', '0') in (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #2d715f9ceddf7431 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/server/routes/integration/jira_dc.py:934
            response = await client.post(JIRA_DC_TOKEN_URL, data=token_payload)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #a15830ac4ea09e76 Environment-variable access.
repo/enterprise/server/routes/service.py:23
AUTOMATIONS_SERVICE_KEY = os.getenv('AUTOMATIONS_SERVICE_KEY', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #a2c8954ea5253435 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/server/services/automation_event_service.py:607
                async with session.post(
                    url,
                    data=payload_bytes,
                    headers=headers,
                    timeout=aiohttp.ClientTimeout(total=AUTOMATION_SERVICE_TIMEOUT),
                ) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #868d8137df05891a Environment-variable access.
repo/enterprise/server/services/email_service.py:32
        resend_api_key = os.environ.get('RESEND_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5687669549766ca5 Environment-variable access.
repo/enterprise/server/services/email_service.py:48
        return RESEND_AVAILABLE and bool(os.environ.get('RESEND_API_KEY'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b8a7a0aff9ac345d Environment-variable access.
repo/enterprise/server/services/email_service.py:57
        web_host = os.environ.get('WEB_HOST', DEFAULT_WEB_HOST).strip().rstrip('/')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f40d1c15e973ba94 Environment-variable access.
repo/enterprise/server/services/email_service.py:91
        from_email = os.environ.get('RESEND_FROM_EMAIL', DEFAULT_FROM_EMAIL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0cd0b649556e3a92 Environment-variable access.
repo/enterprise/server/services/smtp_email_service.py:30
        host = os.environ.get('SMTP_HOST')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #68d0a32e73ea4d51 Environment-variable access.
repo/enterprise/server/services/smtp_email_service.py:34
        port_value = os.environ.get('SMTP_PORT', '587')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dc241cd25651d6f0 Environment-variable access.
repo/enterprise/server/services/smtp_email_service.py:44
        use_ssl = os.environ.get('SMTP_USE_SSL', 'false').lower() in (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f18014120917f3eb Environment-variable access.
repo/enterprise/server/services/smtp_email_service.py:49
            os.environ.get('SMTP_USE_TLS', 'true').lower() in ('true', '1')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d059194735073500 Environment-variable access.
repo/enterprise/server/services/smtp_email_service.py:58
            'username': os.environ.get('SMTP_USERNAME', ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8a8c17141c159c11 Environment-variable access.
repo/enterprise/server/services/smtp_email_service.py:59
            'password': os.environ.get('SMTP_PASSWORD', ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fa7dd8f2ae0db2c9 Environment-variable access.
repo/enterprise/server/services/smtp_email_service.py:60
            'from_email': os.environ.get('SMTP_FROM_EMAIL', DEFAULT_FROM_EMAIL),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cca0f3b0d6bfd3ca Environment-variable access.
repo/enterprise/server/services/smtp_email_service.py:123
        web_host = os.environ.get('WEB_HOST', DEFAULT_WEB_HOST).strip().rstrip('/')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #50c1c286f24bff91 Environment-variable access.
repo/enterprise/server/sharing/aws_shared_event_service.py:139
        default_factory=lambda: os.environ.get('FILE_STORE_PATH')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f24f547692a4c0f0 Environment-variable access.
repo/enterprise/server/sharing/aws_shared_event_service.py:163
                endpoint_url=os.getenv('AWS_S3_ENDPOINT'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e2aa39c99bd0e806 Environment-variable access.
repo/enterprise/server/sharing/google_cloud_shared_event_service.py:135
        default_factory=lambda: os.environ.get('FILE_STORE_PATH')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #77df0a084e10b466 Environment-variable access.
repo/enterprise/server/utils/rate_limit_utils.py:16
RATE_LIMIT_AUTH_WINDOWS = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e2505aef77457ab4 Environment-variable access.
repo/enterprise/server/utils/rate_limit_utils.py:16
RATE_LIMIT_AUTH_WINDOWS = os.environ.get(
    'RATE_LIMIT_AUTH_WINDOWS', '10/second; 100/minute'
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #81d4e9244fd3d374 Environment-variable access.
repo/enterprise/server/utils/rate_limit_utils.py:23
    os.environ.get('RATE_LIMIT_USER_SECONDS', '120')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9c215951ce33a618 Environment-variable access.
repo/enterprise/server/utils/rate_limit_utils.py:26
    os.environ.get('RATE_LIMIT_IP_SECONDS', '300')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9bb85db1bdac45cc Environment-variable access.
repo/enterprise/server/utils/rate_limit_utils.py:31
    os.environ.get('RATE_LIMIT_AUTH_VERIFY_EMAIL_USER_SECONDS', '60')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #881f27059f36641e Environment-variable access.
repo/enterprise/server/utils/rate_limit_utils.py:34
    os.environ.get('RATE_LIMIT_AUTH_VERIFY_EMAIL_IP_SECONDS', '120')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ef36acb8d344aec9 Environment-variable access.
repo/enterprise/server/utils/rate_limit_utils.py:39
    os.environ.get('RATE_LIMIT_EMAIL_RESEND_USER_SECONDS', '30')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f3db9ed893b0aac4 Environment-variable access.
repo/enterprise/server/utils/rate_limit_utils.py:42
    os.environ.get('RATE_LIMIT_EMAIL_RESEND_IP_SECONDS', '60')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d3dc9598a7a454fa Environment-variable access.
repo/enterprise/server/utils/rate_limit_utils.py:47
    os.environ.get('RATE_LIMIT_ORG_INVITATION_USER_SECONDS', '6')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #52b205a57d98bd71 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/server/verified_models/verified_model_router.py:61
@api_router.post('', status_code=201)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #f78a28b6fb366041 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/server/verified_models/verified_model_router.py:84
@api_router.put('/{provider}/{model_name:path}')

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #f21c0c2e9e4664c9 Environment-variable access.
repo/enterprise/storage/default_org_service.py:43
        value = os.getenv(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e84d9d18e3e597ff Environment-variable access.
repo/enterprise/storage/lite_llm_manager.py:36
ENABLE_BILLING = os.environ.get('ENABLE_BILLING', 'false').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d470c320544fbbb6 Environment-variable access.
repo/enterprise/storage/lite_llm_manager.py:53
        budget = float(os.environ.get('DEFAULT_INITIAL_BUDGET', 0.0))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #64d58ea314dcd9f8 Environment-variable access.
repo/enterprise/storage/lite_llm_manager.py:154
        local_deploy = os.environ.get('LOCAL_DEPLOYMENT', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d4cca63dc2741e4d Environment-variable access.
repo/enterprise/storage/lite_llm_manager.py:313
        local_deploy = os.environ.get('LOCAL_DEPLOYMENT', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a657c10ca860abc0 Environment-variable access.
repo/enterprise/storage/lite_llm_manager.py:521
        local_deploy = os.environ.get('LOCAL_DEPLOYMENT', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #cf24244d9909341b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/storage/lite_llm_manager.py:712
        response = await client.post(
            f'{LITE_LLM_API_URL}/team/new',
            json=json_data,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #149a315f17664fd9 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/storage/lite_llm_manager.py:776
        response = await client.post(
            f'{LITE_LLM_API_URL}/team/update',
            json=json_data,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #4665cace33ba4cec Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/storage/lite_llm_manager.py:836
        response = await client.post(
            f'{LITE_LLM_API_URL}/user/new',
            json={
                'user_email': email,
                'models': [],
                'user_id': keycloak_user_id,
                'teams': [LITE_LLM_TEAM_ID],
                'auto_create_key': False,
                'send_invite_email': False,
                'metadata': {
                    'version': ORG_SETTINGS_VERSION,
                    'model': get_default_litellm_model(),
                },
            },
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #45fdff14c1772c29 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/storage/lite_llm_manager.py:860
            response = await client.post(
                f'{LITE_LLM_API_URL}/user/new',
                json={
                    'user_email': None,
                    'models': [],
                    'user_id': keycloak_user_id,
                    'teams': [LITE_LLM_TEAM_ID],
                    'auto_create_key': False,
                    'send_invite_email': False,
                    'metadata': {
                        'version': ORG_SETTINGS_VERSION,
                        'model': get_default_litellm_model(),
                    },
                },
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #45479c867e09bbac Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/storage/lite_llm_manager.py:943
        response = await client.post(
            f'{LITE_LLM_API_URL}/user/update',
            json=payload,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #08116802402e7e89 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/storage/lite_llm_manager.py:975
        response = await client.post(
            f'{LITE_LLM_API_URL}/key/update',
            json=payload,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #f66f7631b71968fa Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/storage/lite_llm_manager.py:1079
        response = await client.post(
            f'{LITE_LLM_API_URL}/user/delete', json={'user_ids': [keycloak_user_id]}
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #c65d28e39784979b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/storage/lite_llm_manager.py:1109
        response = await client.post(
            f'{LITE_LLM_API_URL}/team/delete',
            json={'team_ids': [team_id]},
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #09dd5039af62f295 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/storage/lite_llm_manager.py:1164
        response = await client.post(
            f'{LITE_LLM_API_URL}/team/member_add',
            json=json_data,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #d4c2798802f72c24 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/storage/lite_llm_manager.py:1260
        response = await client.post(
            f'{LITE_LLM_API_URL}/team/member_update',
            json=json_data,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #1424c28ae31db16b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/storage/lite_llm_manager.py:1288
        response = await client.post(
            f'{LITE_LLM_API_URL}/team/member_delete',
            json={
                'team_id': team_id,
                'user_id': keycloak_user_id,
            },
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #7d8a87b6048c25af Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/storage/lite_llm_manager.py:1342
        response = await client.post(
            f'{LITE_LLM_API_URL}/key/generate',
            json=json_data,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #85dfc7e190355d68 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/storage/lite_llm_manager.py:1577
        response = await client.post(
            f'{LITE_LLM_API_URL}/key/delete',
            json={
                'key_aliases': [key_alias],
            },
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #5abafc1013421732 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/enterprise/storage/lite_llm_manager.py:1608
        response = await client.post(
            f'{LITE_LLM_API_URL}/key/delete',
            json={
                'keys': [key_id],
            },
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #a44ca542579c93ed Environment-variable access.
repo/enterprise/sync/resend_keycloak.py:47
RESEND_API_KEY = os.environ.get('RESEND_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7ea4a3368d15594b Environment-variable access.
repo/enterprise/sync/resend_keycloak.py:48
RESEND_AUDIENCE_ID = os.environ.get('RESEND_AUDIENCE_ID', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #51764a91c360641b Environment-variable access.
repo/enterprise/sync/resend_keycloak.py:54
BATCH_SIZE = int(os.environ.get('BATCH_SIZE', '2000'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f1e0b15c9150a54d Environment-variable access.
repo/enterprise/sync/resend_keycloak.py:55
MAX_RETRIES = int(os.environ.get('MAX_RETRIES', '3'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #116a036346d9fcc4 Environment-variable access.
repo/enterprise/sync/resend_keycloak.py:56
INITIAL_BACKOFF_SECONDS = float(os.environ.get('INITIAL_BACKOFF_SECONDS', '1'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4dd94324035e27ed Environment-variable access.
repo/enterprise/sync/resend_keycloak.py:57
MAX_BACKOFF_SECONDS = float(os.environ.get('MAX_BACKOFF_SECONDS', '60'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5aaa1acab025ae81 Environment-variable access.
repo/enterprise/sync/resend_keycloak.py:58
BACKOFF_FACTOR = float(os.environ.get('BACKOFF_FACTOR', '2'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9e9e951d5ab5bf58 Environment-variable access.
repo/enterprise/sync/resend_keycloak.py:59
RATE_LIMIT = float(os.environ.get('RATE_LIMIT', '2'))  # Requests per second

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0bac65ee167b68e6 Environment-variable access.
repo/enterprise/sync/resend_keycloak.py:277
            'from': os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a882c019c3089e3a Environment-variable access.
repo/enterprise/sync/resend_keycloak.py:277
            'from': os.environ.get(
                'RESEND_FROM_EMAIL', 'OpenHands Team <[email protected]>'
            ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #25ff113fd3f50f9f Environment-variable access.
repo/enterprise/sync/resend_keycloak.py:280
            'reply_to': os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9484d90f60cfb231 Environment-variable access.
repo/enterprise/sync/resend_keycloak.py:280
            'reply_to': os.environ.get(
                'RESEND_REPLY_TO_EMAIL', '[email protected]'
            ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

</> Dependencies

litellm

python dependency
high pii_flow dependency Excluded from app score #1a4738d06332b890 A credential read from the environment/filesystem flows to an external network call in a non-auth-header position (request body). Review what is sent.
pkgs/python/[email protected]/litellm/proxy_auth/credentials.py:161 · flow /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/litellm/proxy_auth/credentials.py:162 → /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/litellm/proxy_auth/credentials.py:161
        response = httpx.post(
            self.token_url,
            data={
                "grant_type": "client_credentials",
                "client_id": self.client_id,
                "client_secret": self.client_secret,
                "scope": scope,
            },
        )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium telemetry dependency Excluded from app score #d49fa2f8bad8c108 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/_service_logger.py:15
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cef31a18bbffcee1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/caching/base_cache.py:15
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bcf3d35e12a9bf54 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/caching/disk_cache.py:7
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3cd8f1d75ede1c1d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/caching/dual_cache.py:30
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bf6d2081224aa80f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/caching/redis_cache.py:40
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2169662fb4857aac Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/caching/redis_cluster_cache.py:13
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e663775f658cbdc6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/_utils.py:15
    from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #062a8714c6106dc2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:19
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ded4db4181c7b8cc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:45
        from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dc65144df560f7e0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:46
        from opentelemetry.trace import SpanKind

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #807ae25aa91a430b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:10
    from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e5980e6d3c0a8c7b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:11
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bbc4afb7936871c8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:12
    from opentelemetry.trace import SpanKind

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #abe8d705f0cb543c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:61
        from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8d9102023f64be0c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:62
        from opentelemetry.trace import SpanKind

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #00bf5e1941269958 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:160
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e97022dcd4e82e8b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:202
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8649dba564cd2e1c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:247
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e4437cc9b8f57405 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/custom_logger.py:38
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium pii_flow dependency Excluded from app score #46b0618446e7da2b PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket_base.py:115 · flow /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket_base.py:96 → /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket_base.py:115
        verbose_logger.debug(
            "constructed auth_header [set=%s]", auth_header is not None
        )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #6b5c9136d83b3e93 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/litellm/integrations/lago.py:198 · flow /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/litellm/integrations/lago.py:178 → /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/litellm/integrations/lago.py:198
            verbose_logger.debug(f"Logged Lago Object: {response.text}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #3abf6236d4ab6835 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/litellm/integrations/lago.py:201 · flow /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/litellm/integrations/lago.py:178 → /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/litellm/integrations/lago.py:201
                verbose_logger.debug(f"\nError Message: {response.text}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium telemetry dependency Excluded from app score #25480980471d2f02 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_otel.py:19
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #af77dc973c416327 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_otel_attributes.py:28
    from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #af2b0fdc6fb14158 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/langtrace.py:7
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c37240cb43ffca03 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/levo/levo.py:7
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6aa7a284ea12661c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:28
    from opentelemetry.sdk.trace.export import SpanExporter as _SpanExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7a8d35b3e0b35638 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:29
    from opentelemetry.trace import Context as _Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #461b0784afb1dfcf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:30
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6cbad717d76ee500 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:31
    from opentelemetry.trace import Tracer as _Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #47715b223e3be8be Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:109
        from opentelemetry.sdk.trace.export.in_memory_span_exporter import (
            InMemorySpanExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6cd0d743f95d4abc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:190
        from opentelemetry.sdk.resources import OTELResourceDetector, Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4bb811c77bc574d2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:310
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #09d40857064fa656 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:311
        from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1b96b720d8513a74 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:312
        from opentelemetry.trace import SpanKind

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cd288f39e77fef96 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:346
        from opentelemetry import metrics

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9513f2d5e0acefc6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:347
        from opentelemetry.sdk.metrics import MeterProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #53f4bc9986005c1d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:406
        from opentelemetry._logs import get_logger_provider, set_logger_provider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ad1a0c99cfe245d2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:407
        from opentelemetry.sdk._logs import LoggerProvider as OTLoggerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f4c6422547f3af5f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:408
        from opentelemetry.sdk._logs.export import BatchLogRecordProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #17328c0824cc4ff1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:450
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f4abae86c60ce2af Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:451
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2ff638338bcbe000 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:510
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #affcc7e30fe7aba8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:511
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #807984ea01029e7f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:572
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #47be0257e86e2e3e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:573
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #885bfe7da0b7c525 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:687
        from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8a8d961bfbef6da4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:758
            from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6518685126d1927f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:805
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #23b1fa6654c416aa Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:825
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ce8c10188651cfaf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:826
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3f286d9e474aeb49 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:1090
        from opentelemetry._logs import SeverityNumber

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d4d5bc0f1e84b824 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:1093
            from opentelemetry.sdk._logs import (  # type: ignore[attr-defined]  # OTEL < 1.39.0
                LogRecord as SdkLogRecord,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c1339730a36e5a59 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:1097
            from opentelemetry.sdk._logs._internal import (
                LogRecord as SdkLogRecord,  # type: ignore[attr-defined]  # OTEL >= 1.39.0

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ed8e685cfbfe8443 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:1179
        from opentelemetry import trace as _trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3b0d391c12d7b6b2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:1267
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2af480572fe59443 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:1940
        from opentelemetry.trace.propagation.tracecontext import (
            TraceContextTextMapPropagator,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #13058193a165e896 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:1951
        from opentelemetry import context, trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #34bbc6a90e1fa5db Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:1952
        from opentelemetry.trace.propagation.tracecontext import (
            TraceContextTextMapPropagator,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #374a51da03a6a986 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2007
        from opentelemetry.sdk.trace.export import (
            BatchSpanProcessor,
            ConsoleSpanExporter,
            SimpleSpanProcessor,
            SpanExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #923036de6bc01734 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2058
                from opentelemetry.exporter.otlp.proto.http.trace_exporter import (
                    OTLPSpanExporter as OTLPSpanExporterHTTP,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c1282a285ad601fd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2081
                from opentelemetry.exporter.otlp.proto.grpc.trace_exporter import (
                    OTLPSpanExporter as OTLPSpanExporterGRPC,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3bdfea7251bfd730 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2141
            from opentelemetry.sdk._logs.export import ConsoleLogExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c7d103c386a0a28f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2153
            from opentelemetry.exporter.otlp.proto.http._log_exporter import (
                OTLPLogExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fa6c14ff4bd8aade Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2167
                from opentelemetry.exporter.otlp.proto.grpc._log_exporter import (
                    OTLPLogExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b5a47e17faa1cab0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2189
            from opentelemetry.sdk._logs.export import ConsoleLogExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a48f2448285f6973 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2197
        from opentelemetry.sdk.metrics import Histogram

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8c978aecb9405540 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2198
        from opentelemetry.sdk.metrics.export import (
            AggregationTemporality,
            ConsoleMetricExporter,
            PeriodicExportingMetricReader,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6781c3626cf17ab6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2225
            from opentelemetry.exporter.otlp.proto.http.metric_exporter import (
                OTLPMetricExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6133eb7c5ab73ec8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2238
                from opentelemetry.exporter.otlp.proto.grpc.metric_exporter import (
                    OTLPMetricExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #65a8ef186b466a94 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2359
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9e3b74838c2ed083 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2360
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #68f51ce1c52cef5a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2412
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e5fe89987edfb0b0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2413
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8b049c63da3de435 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry_utils/base_otel_llm_obs_attributes.py:5
    from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #34f999a1728cb585 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/traceloop.py:39
        from opentelemetry.semconv.ai import SpanAttributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #42e796ab01485bf9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/traceloop.py:40
        from opentelemetry.trace import SpanKind, Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3630eb6831b70dbf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/weave/weave_otel.py:8
from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8c5945d3adcbc530 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/weave/weave_otel.py:26
    from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d16f9d3b41e50f49 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/litellm_core_utils/core_helpers.py:12
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e5d7703f42f3dd06 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3604
                    import sentry_sdk

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7299522c34cd396b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3610
                    import sentry_sdk

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #25622b2680a8e453 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3611
                from sentry_sdk.scrubber import EventScrubber

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5b8f32e3b8f76ce3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/litellm_core_utils/logging_utils.py:18
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d089b47b1d1dff27 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/llms/base_llm/managed_resources/base_managed_resource.py:30
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium pii_flow dependency Excluded from app score #7e7b020da9800c31 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:944 · flow /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:925 → /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:944
            verbose_logger.debug(
                f"IRSA detected: using web identity token from {web_identity_token_file}"
            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #36a9bf70404da00d A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/python/[email protected]/litellm/llms/bedrock/files/handler.py:192 · flow /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/litellm/llms/bedrock/files/handler.py:176 → /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/litellm/llms/bedrock/files/handler.py:192
        mock_response = httpx.Response(
            status_code=200,
            content=file_content,
            headers={"content-type": "application/octet-stream"},
            request=httpx.Request(method="GET", url=s3_uri),
        )

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow dependency Excluded from app score #5a2de75d3656d148 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/litellm/llms/databricks/common_utils.py:394 · flow /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/litellm/llms/databricks/common_utils.py:341 → /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/litellm/llms/databricks/common_utils.py:394
        verbose_logger.debug(
            f"Databricks request headers: {self.redact_headers_for_logging(headers)}"
        )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #77215392f451a2d5 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/python/[email protected]/litellm/llms/huggingface/common_utils.py:83 · flow /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/litellm/llms/huggingface/common_utils.py:77 → /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/litellm/llms/huggingface/common_utils.py:83
        response = httpx.get(path, headers=headers, params=params)

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow dependency Excluded from app score #d156149f438a729b A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/python/[email protected]/litellm/llms/sagemaker/completion/handler.py:665 · flow /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/litellm/llms/sagemaker/completion/handler.py:592 → /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/litellm/llms/sagemaker/completion/handler.py:665
        mock_response = HttpxResponse(
            status_code=200,
            content=json.dumps(response).encode("utf-8"),
            headers={"content-type": "application/json"},
        )

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow dependency Excluded from app score #621d8b58b95287f3 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/litellm/main.py:2899 · flow /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/litellm/main.py:2852 → /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/litellm/main.py:2899
                logging.post_call(
                    input=messages,
                    api_key=api_key,
                    original_response=response,
                )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium telemetry dependency Excluded from app score #e85670f34fdb3d98 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/proxy/_types.py:64
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ff55692c19eb3e0b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/proxy/auth/auth_checks.py:83
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #009edb487303918b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/proxy/auth/auth_exception_handler.py:28
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium pii_flow dependency Excluded from app score #d2b8113619cb66c5 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:195 · flow /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:144 → /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:195
            verbose_proxy_logger.debug(
                "Oauth2 token validation for token=%s, response from endpoint=%s",
                token,
                data,
            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium telemetry dependency Excluded from app score #fa7b7b711068fbc4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/proxy/hooks/batch_rate_limiter.py:36
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2a27ba944f2c693a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/proxy/hooks/parallel_request_limiter.py:22
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4159d6d3521c20fb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/proxy/hooks/parallel_request_limiter_v3.py:36
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5b5984ec2ed803b5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:120
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b8450c1dd77c860d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/proxy/utils.py:139
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #af4818ff81e9cf25 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router.py:195
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bf867abe1eab8207 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router_strategy/lowest_latency.py:16
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2c996a391ae2dbc7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:21
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #97940578564a8258 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router_utils/cooldown_cache.py:17
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bfbeee1f167d9279 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router_utils/cooldown_handlers.py:29
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a978100be237d42d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router_utils/handle_error.py:12
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #389bb9508f7cc524 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router_utils/health_state_cache.py:17
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ced4d695c741e996 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:24
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c45aff6dfdef2e3f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router_utils/prompt_caching_cache.py:16
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium pii_flow dependency Excluded from app score #81562ed16bc0b3b2 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:76 · flow /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:73 → /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:76
    verbose_logger.info(
        f"For Azure AD Token Provider, choosing credential type: {cred}"
    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

expand_more 1477 low-confidence finding(s)
low env_fs dependency Excluded from app score #eada124c8d3a6201 Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:19
if os.getenv("LITELLM_MODE", "DEV") == "DEV":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69f756195284d16a Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:87
litellm_mode = os.getenv("LITELLM_MODE", "DEV")  # "PRODUCTION", "DEV"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5a723033790967c Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:219
drop_params = bool(os.getenv("LITELLM_DROP_PARAMS", False))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ddf06b1977150a31 Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:220
modify_params = bool(os.getenv("LITELLM_MODIFY_PARAMS", False))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #495e93f03dc13c00 Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:222
    os.getenv("LITELLM_USE_CHAT_COMPLETIONS_URL_FOR_ANTHROPIC_MESSAGES", False)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76c3075b73dadb8f Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:225
    os.getenv("LITELLM_ROUTE_ALL_CHAT_OPENAI_TO_RESPONSES", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ec7b7dd85ce617e Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:376
model_cost_map_url: str = os.getenv(
    "LITELLM_MODEL_COST_MAP_URL",
    "https://raw.githubusercontent.com/BerriAI/litellm/main/model_prices_and_context_window.json",
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c3621bcd306a092 Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:380
blog_posts_url: str = os.getenv(
    "LITELLM_BLOG_POSTS_URL",
    "https://docs.litellm.ai/blog/rss.xml",
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe25c8c0ba2bdd67 Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:384
anthropic_beta_headers_url: str = os.getenv(
    "LITELLM_ANTHROPIC_BETA_HEADERS_URL",
    "https://raw.githubusercontent.com/BerriAI/litellm/main/litellm/anthropic_beta_headers_config.json",
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13cae9771e33ae0f Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:2003
if os.getenv("LITELLM_DISABLE_LAZY_LOADING", "").lower() in ("1", "true", "yes", "on"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6360a7ac200503ff Environment-variable access.
pkgs/python/[email protected]/litellm/_logging.py:21
    os.getenv("LITELLM_DISABLE_REDACT_SECRETS", "").lower() != "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f748d8e4f008a57e Environment-variable access.
pkgs/python/[email protected]/litellm/_logging.py:84
json_logs = bool(os.getenv("JSON_LOGS", False))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #222ae8561eaf7756 Environment-variable access.
pkgs/python/[email protected]/litellm/_logging.py:86
log_level = os.getenv("LITELLM_LOG", "DEBUG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e6479c77620b655 Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:159
    if "REDIS_URL" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa99a96e994cad80 Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:160
        return os.environ["REDIS_URL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #660ed497220c9b43 Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:162
    if "REDIS_HOST" not in os.environ or "REDIS_PORT" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6d13bfa4e308d2a Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:167
    if "REDIS_SSL" in os.environ and os.environ["REDIS_SSL"].lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #976e0c98fea0405b Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:174
    if "REDIS_USERNAME" in os.environ and "REDIS_PASSWORD" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd1338683192b6e9 Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:175
        auth_part = f"{os.environ['REDIS_USERNAME']}:{os.environ['REDIS_PASSWORD']}@"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2a95049a33769c9 Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:176
    elif "REDIS_PASSWORD" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f618f78fc4fc69d9 Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:177
        auth_part = f"{os.environ['REDIS_PASSWORD']}@"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4126ab842c6ee52 Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:179
    return f"{redis_protocol}://{auth_part}{os.environ['REDIS_HOST']}:{os.environ['REDIS_PORT']}"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #b2a896faeb2af378 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/a2a_protocol/providers/bedrock_agentcore/handler.py:60
        response = await client.post(
            url,
            headers=headers,
            data=body,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #ae99597e0d56bafc Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/a2a_protocol/providers/bedrock_agentcore/handler.py:107
        response = await client.post(
            url,
            headers=headers,
            data=body,
            stream=True,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #5b2a026e8e794b72 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/a2a_protocol/providers/pydantic_ai_agents/transformation.py:112
            response = await client.post(
                endpoint,
                json=poll_request,
                headers={"Content-Type": "application/json"},
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #1070e8e810fcf9b6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/a2a_protocol/providers/pydantic_ai_agents/transformation.py:189
        response = await client.post(
            endpoint,
            json=a2a_request,
            headers={"Content-Type": "application/json"},
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #5b71371b78bae97e Filesystem access.
pkgs/python/[email protected]/litellm/anthropic_beta_headers_manager.py:51
                files("litellm")
                .joinpath("anthropic_beta_headers_config.json")
                .read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a96a803b746c8ef Environment-variable access.
pkgs/python/[email protected]/litellm/anthropic_beta_headers_manager.py:142
    if os.getenv("LITELLM_LOCAL_ANTHROPIC_BETA_HEADERS", "").lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a58248824ba5bb2 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:113
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #511f70eb776456ac Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:114
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec449ac36a3f51ab Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:120
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77ac33ad54045914 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:128
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d87b04cd932e388 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:318
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ef7e70f7443b1fe Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:319
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8afd690938f8c6a8 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:325
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #652260e20f35d154 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:333
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aaa9f5f28f1253df Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:495
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ca378e8b57d2f0b Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:496
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a0323f5dc5348b05 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:502
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7fa107214efe7337 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:510
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe7f7fc84efaa364 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:684
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a637d347fd9d17e7 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:685
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #958aff9c0a40b200 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:691
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67bd33265fdb8561 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:699
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d54250f7035d790 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:840
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2852ae55c672c4e Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:841
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1d7187e34456050 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:847
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd4d88797d0dc241 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:855
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0d0e10f4ff2dda2 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1029
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b06d1097ac297478 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1030
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0abdfd3d56221fe Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1036
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e716bee6705e0176 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1044
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45c202b14df6a675 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1191
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bfb73a64b925024e Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1192
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c00a45d7feeddfce Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1198
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #740079202d868b15 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1206
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02fc458e6b6121b7 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1390
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14c9b62ecdf1297a Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1391
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b60660a30613772b Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1397
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #055e24e2c9ba804a Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1405
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f413fef735e4385d Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:263
                or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d5d3e266292848f Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:264
                or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1543150d234808a2 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:270
                or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #900dca0a753fafb7 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:278
                or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96ab424cdb2faa57 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:432
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f485b71fed8fbade Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:433
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2597bd9393de184c Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:439
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf619aaea9c8d511 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:447
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2931a61cc2e6f2f4 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:765
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de1bc41cb09ec3e6 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:789
                or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7389acbd186d2118 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:790
                or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b638ec4951bc4322 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:796
                or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19da14125e87e9fd Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:991
                or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ed5b60b5c0f0d5b Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:992
                or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #223736773b8e4f22 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:998
                or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #607ecfcda5341934 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:1005
                or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #612a9f6c6f496300 Filesystem access.
pkgs/python/[email protected]/litellm/budget_manager.py:55
                with open("user_cost.json", "r") as json_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #e0c57d1b1a8a2970 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/budget_manager.py:65
            response = litellm.module_level_client.post(
                url, headers=self.headers, json=data
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #ccab793a3625decb Filesystem access.
pkgs/python/[email protected]/litellm/budget_manager.py:218
            with open("user_cost.json", "w") as json_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #560b8fd3e1627683 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/budget_manager.py:226
            response = litellm.module_level_client.post(
                url, headers=self.headers, json=data
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #88b930c01407404c Environment-variable access.
pkgs/python/[email protected]/litellm/caching/qdrant_semantic_cache.py:79
            qdrant_api_base or os.getenv("QDRANT_URL") or os.getenv("QDRANT_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c83193a7c9781242 Environment-variable access.
pkgs/python/[email protected]/litellm/caching/qdrant_semantic_cache.py:81
        qdrant_api_key = qdrant_api_key or os.getenv("QDRANT_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3877bbddd9d90f46 Environment-variable access.
pkgs/python/[email protected]/litellm/caching/redis_semantic_cache.py:95
                host = host or os.environ["REDIS_HOST"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7c718313501da01 Environment-variable access.
pkgs/python/[email protected]/litellm/caching/redis_semantic_cache.py:96
                port = port or os.environ["REDIS_PORT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7801c55dfd90c46d Environment-variable access.
pkgs/python/[email protected]/litellm/caching/redis_semantic_cache.py:97
                password = password or os.environ["REDIS_PASSWORD"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f3811f2488648f1 Environment-variable access.
pkgs/python/[email protected]/litellm/completion_extras/litellm_responses_transformation/transformation.py:896
            or os.getenv("LITELLM_REASONING_AUTO_SUMMARY", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4ba8d24bbd2fb14 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:8
    os.getenv("DEFAULT_HEALTH_CHECK_PROMPT", "test from litellm")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #640b9c51315dcae4 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:11
    os.getenv("AZURE_DEFAULT_RESPONSES_API_VERSION", "preview")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #40836b6fae3bd0df Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:13
ROUTER_MAX_FALLBACKS = int(os.getenv("ROUTER_MAX_FALLBACKS", 5))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04201d250a2886a2 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:14
DEFAULT_BATCH_SIZE = int(os.getenv("DEFAULT_BATCH_SIZE", 512))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66ebe99011206fde Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:15
DEFAULT_FLUSH_INTERVAL_SECONDS = int(os.getenv("DEFAULT_FLUSH_INTERVAL_SECONDS", 5))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8829a0317e8170d3 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:17
    os.getenv("DEFAULT_S3_FLUSH_INTERVAL_SECONDS", 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #976ec4e068930303 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:19
DEFAULT_S3_BATCH_SIZE = int(os.getenv("DEFAULT_S3_BATCH_SIZE", 512))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #229f80956b279337 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:21
    os.getenv("DEFAULT_SQS_FLUSH_INTERVAL_SECONDS", 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cdeb93e43fdb2c3c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:24
    os.getenv("DEFAULT_NUM_WORKERS_LITELLM_PROXY", 1)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac1bd793be272481 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:27
    os.getenv("DYNAMIC_RATE_LIMIT_ERROR_THRESHOLD_PER_MINUTE", 1)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd1a079aaf3b8cf7 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:29
DEFAULT_SQS_BATCH_SIZE = int(os.getenv("DEFAULT_SQS_BATCH_SIZE", 512))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4254399e84de2e04 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:32
DEFAULT_MAX_RETRIES = int(os.getenv("DEFAULT_MAX_RETRIES", 2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4804249edd318b24 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:33
DEFAULT_MAX_RECURSE_DEPTH = int(os.getenv("DEFAULT_MAX_RECURSE_DEPTH", 100))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0a320cf6b68e380 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:35
    os.getenv("DEFAULT_MAX_RECURSE_DEPTH_SENSITIVE_DATA_MASKER", 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a565c28d9737bab Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:38
    os.getenv("DEFAULT_FAILURE_THRESHOLD_PERCENT", 0.5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e176fb361ae7e1f3 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:40
DEFAULT_MAX_TOKENS = int(os.getenv("DEFAULT_MAX_TOKENS", 4096))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #93daa66a1468c3b6 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:41
DEFAULT_ALLOWED_FAILS = int(os.getenv("DEFAULT_ALLOWED_FAILS", 3))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d84eba7618575f59 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:42
DEFAULT_REDIS_SYNC_INTERVAL = int(os.getenv("DEFAULT_REDIS_SYNC_INTERVAL", 1))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6264eeb862101f10 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:43
DEFAULT_COOLDOWN_TIME_SECONDS = int(os.getenv("DEFAULT_COOLDOWN_TIME_SECONDS", 5))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #195f40786df44c9b Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:45
    os.getenv("DEFAULT_REPLICATE_POLLING_RETRIES", 5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #99fe6132a1e6b5f3 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:48
    os.getenv("DEFAULT_REPLICATE_POLLING_DELAY_SECONDS", 1)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c3894f11e4cf164 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:50
DEFAULT_IMAGE_TOKEN_COUNT = int(os.getenv("DEFAULT_IMAGE_TOKEN_COUNT", 250))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1dfe3df434881436 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:55
_max_stream_duration_env = os.getenv("LITELLM_MAX_STREAMING_DURATION_SECONDS", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #89442b07caa90023 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:63
MAX_BASE64_LENGTH_FOR_LOGGING = int(os.getenv("MAX_BASE64_LENGTH_FOR_LOGGING", 64))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4787fe26a07aee88 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:68
    os.getenv("LITELLM_DETAILED_TIMING", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b8a7552c2b49e1c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:73
    os.getenv("MODEL_COST_MAP_MIN_MODEL_COUNT", 50)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b14c67abf832c46b Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:76
    os.getenv("MODEL_COST_MAP_MAX_SHRINK_RATIO", 0.5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3817cde25084916 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:78
DEFAULT_IMAGE_WIDTH = int(os.getenv("DEFAULT_IMAGE_WIDTH", 300))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b007098e692a877 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:79
DEFAULT_IMAGE_HEIGHT = int(os.getenv("DEFAULT_IMAGE_HEIGHT", 300))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ee36fcf819aff18 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:84
MAX_IMAGE_URL_DOWNLOAD_SIZE_MB = float(os.getenv("MAX_IMAGE_URL_DOWNLOAD_SIZE_MB", 50))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #acb10810bafc6243 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:86
    os.getenv("MAX_SIZE_PER_ITEM_IN_MEMORY_CACHE_IN_KB", 1024)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d28e1e3101d0aa24 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:89
    os.getenv("SINGLE_DEPLOYMENT_TRAFFIC_FAILURE_THRESHOLD", 1000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77a76f13303ef73d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:92
    os.getenv("DEFAULT_FAILURE_THRESHOLD_MINIMUM_REQUESTS", 5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #745fd595b4e0b0aa Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:96
    os.getenv("DEFAULT_REASONING_EFFORT_DISABLE_THINKING_BUDGET", 0)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #27cd6c87c6126e1a Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:101
    os.getenv("DEFAULT_MCP_SEMANTIC_FILTER_EMBEDDING_MODEL", "text-embedding-3-small")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7032e38ed26a0faa Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:104
    os.getenv("DEFAULT_MCP_SEMANTIC_FILTER_TOP_K", 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7b275b154364131 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:107
    os.getenv("DEFAULT_MCP_SEMANTIC_FILTER_SIMILARITY_THRESHOLD", 0.3)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7ab4712ffea4689 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:110
    os.getenv("MAX_MCP_SEMANTIC_FILTER_TOOLS_HEADER_LENGTH", 150)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #287a242628821beb Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:115
    os.getenv("DEFAULT_SEMANTIC_GUARD_EMBEDDING_MODEL", "text-embedding-3-small")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42dbbe36e2568014 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:118
    os.getenv("DEFAULT_SEMANTIC_GUARD_SIMILARITY_THRESHOLD", 0.75)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25283b9c088cc547 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:123
    os.getenv("MCP_OAUTH2_TOKEN_EXPIRY_BUFFER_SECONDS", "60")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #825393d3217f6537 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:126
    os.getenv("MCP_OAUTH2_TOKEN_CACHE_MAX_SIZE", "200")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e25428c0c4fd2b8d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:129
    os.getenv("MCP_OAUTH2_TOKEN_CACHE_DEFAULT_TTL", "3600")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9563787040d18c8f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:135
MCP_NPM_CACHE_DIR = os.getenv("MCP_NPM_CACHE_DIR", "/tmp/.npm_mcp_cache")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #291e382eddd3ed66 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:136
MCP_OAUTH2_TOKEN_CACHE_MIN_TTL = int(os.getenv("MCP_OAUTH2_TOKEN_CACHE_MIN_TTL", "10"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7db956a2d0083f5c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:141
    os.getenv("MCP_PER_USER_TOKEN_DEFAULT_TTL", "43200")  # 12 hours

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c11589b1d0e607fa Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:144
    os.getenv("MCP_PER_USER_TOKEN_EXPIRY_BUFFER_SECONDS", "60")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28d4d00b78df7d27 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:148
MCP_CLIENT_TIMEOUT = float(os.getenv("LITELLM_MCP_CLIENT_TIMEOUT", "60.0"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #424826110b903605 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:149
MCP_TOOL_LISTING_TIMEOUT = float(os.getenv("LITELLM_MCP_TOOL_LISTING_TIMEOUT", "30.0"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c94a49847428ee84 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:150
MCP_METADATA_TIMEOUT = float(os.getenv("LITELLM_MCP_METADATA_TIMEOUT", "10.0"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87023c3cb0322a8a Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:151
MCP_HEALTH_CHECK_TIMEOUT = float(os.getenv("LITELLM_MCP_HEALTH_CHECK_TIMEOUT", "10.0"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #baee9da37c851e40 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:158
_MCP_STDIO_EXTRA_COMMANDS = os.getenv("LITELLM_MCP_STDIO_EXTRA_COMMANDS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6aac5aa1aa010091 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:172
    os.getenv("DEFAULT_REASONING_EFFORT_MINIMAL_THINKING_BUDGET_GEMINI_2_5_FLASH", 1)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf2c32ae18ba2ba7 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:175
    os.getenv("DEFAULT_REASONING_EFFORT_MINIMAL_THINKING_BUDGET_GEMINI_2_5_PRO", 128)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0b9721fe9ee6389 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:178
    os.getenv(
        "DEFAULT_REASONING_EFFORT_MINIMAL_THINKING_BUDGET_GEMINI_2_5_FLASH_LITE", 512
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ae4da9a0af29886 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:190
    os.getenv("DEFAULT_REASONING_EFFORT_MINIMAL_THINKING_BUDGET", 128)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4650dec1e536fce Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:197
    os.getenv("DEFAULT_REASONING_EFFORT_LOW_THINKING_BUDGET", 1024)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #066ba8bbfa943727 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:200
    os.getenv("DEFAULT_REASONING_EFFORT_MEDIUM_THINKING_BUDGET", 2048)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3fff738f06b0f98d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:203
    os.getenv("DEFAULT_REASONING_EFFORT_HIGH_THINKING_BUDGET", 4096)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f217d595d8b2688 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:206
    os.getenv("DEFAULT_REASONING_EFFORT_XHIGH_THINKING_BUDGET", 8192)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af12fa60e706cb77 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:209
    os.getenv("DEFAULT_REASONING_EFFORT_MAX_THINKING_BUDGET", 16384)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #139d9e504bfaf51d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:212
    os.getenv("MAX_TOKEN_TRIMMING_ATTEMPTS", 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a02e73d9f5212dc Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:216
    os.getenv("RUNWAYML_DEFAULT_API_VERSION", "2024-11-06")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b019cd22da6aeadf Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:219
    os.getenv("RUNWAYML_POLLING_TIMEOUT", 600)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f168abdf0036bd5b Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:227
AIOHTTP_CONNECTOR_LIMIT = int(os.getenv("AIOHTTP_CONNECTOR_LIMIT", 1000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3489e577c091af10 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:229
    os.getenv("AIOHTTP_CONNECTOR_LIMIT_PER_HOST", 500)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31789e40f14e08c2 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:231
AIOHTTP_KEEPALIVE_TIMEOUT = int(os.getenv("AIOHTTP_KEEPALIVE_TIMEOUT", 120))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7dc5c4d7e9d816f4 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:232
AIOHTTP_TTL_DNS_CACHE = int(os.getenv("AIOHTTP_TTL_DNS_CACHE", 300))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a0c0e3ec785989f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:239
AIOHTTP_SO_KEEPALIVE = os.getenv("AIOHTTP_SO_KEEPALIVE", "False").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17739c7ad02a8cb5 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:240
AIOHTTP_TCP_KEEPIDLE = int(os.getenv("AIOHTTP_TCP_KEEPIDLE", 60))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e9b44a0548f9b64 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:241
AIOHTTP_TCP_KEEPINTVL = int(os.getenv("AIOHTTP_TCP_KEEPINTVL", 30))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a72e8d08c8bfe2a Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:242
AIOHTTP_TCP_KEEPCNT = int(os.getenv("AIOHTTP_TCP_KEEPCNT", 5))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f3b436df21c8226 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:255
_max_size_env = os.getenv("REALTIME_WEBSOCKET_MAX_MESSAGE_SIZE_BYTES")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a216f90404cc74f5 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:263
DEFAULT_SSL_CIPHERS = os.getenv(
    "LITELLM_SSL_CIPHERS",
    # Priority 1: TLS 1.3 ciphers (fastest, ~50ms handshake)
    "TLS_AES_256_GCM_SHA384:"  # Fastest observed in testing
    "TLS_AES_128_GCM_SHA256:"  # Slightly faster than 256-bit
    "TLS_CHACHA20_POLY1305_SHA256:"  # Fast on ARM/mobile
    # Priority 2: TLS 1.2 ECDHE+GCM (fast, ~100ms handshake, widely supported)
    "ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-AES128-GCM-SHA256:"
    # Priority 3: Additional modern ciphers (good balance)
    "ECDHE-RSA-CHACHA20-POLY1305:" "ECDHE-ECDSA-CHACHA20-POLY1305:"
    # Priority 4: Widely compatible fallbacks (slower but universally supported)
    "ECDHE-RSA-AES256-SHA384:"  # Common fallback
    "ECDHE-RSA-AES128-SHA256:"  # Very widely supported
    "AES256-GCM-SHA384:"  # Non-PFS fallback (compatibility)
    "AES128-GCM-SHA256",  # Last resort (maximum compatibility)
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b3bc519efdfa775f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:293
MAX_REDIS_BUFFER_DEQUEUE_COUNT = int(os.getenv("MAX_REDIS_BUFFER_DEQUEUE_COUNT", 100))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a98139202ab5f88 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:295
LITELLM_ASYNCIO_QUEUE_MAXSIZE = int(os.getenv("LITELLM_ASYNCIO_QUEUE_MAXSIZE", 1000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85a9aa7548d16b8a Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:296
TOOL_POLICY_CACHE_TTL_SECONDS = int(os.getenv("TOOL_POLICY_CACHE_TTL_SECONDS", 60))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #243e71eebb0d3d0d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:300
    os.getenv("MAX_SIZE_IN_MEMORY_QUEUE", int(LITELLM_ASYNCIO_QUEUE_MAXSIZE * 0.8))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c90e820487070485 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:303
    os.getenv("MAX_IN_MEMORY_QUEUE_FLUSH_COUNT", 1000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #012680a8167c9986 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:307
    os.getenv("MINIMUM_PROMPT_CACHE_TOKEN_COUNT", 1024)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5872a47edb987e0b Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:310
    os.getenv("DEFAULT_TRIM_RATIO", 0.75)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c368efcd78d96aa5 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:312
HOURS_IN_A_DAY = int(os.getenv("HOURS_IN_A_DAY", 24))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d95a496575c582f7 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:313
DAYS_IN_A_WEEK = int(os.getenv("DAYS_IN_A_WEEK", 7))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f31c7e3b00f17d47 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:314
DAYS_IN_A_MONTH = int(os.getenv("DAYS_IN_A_MONTH", 28))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #218bd225fb33c332 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:315
DAYS_IN_A_YEAR = int(os.getenv("DAYS_IN_A_YEAR", 365))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6174a8adc8f40481 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:317
    os.getenv("REPLICATE_MODEL_NAME_WITH_ID_LENGTH", 64)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57859b5071996568 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:320
FUNCTION_DEFINITION_TOKEN_COUNT = int(os.getenv("FUNCTION_DEFINITION_TOKEN_COUNT", 9))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0f8b5f76adac65e Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:321
SYSTEM_MESSAGE_TOKEN_COUNT = int(os.getenv("SYSTEM_MESSAGE_TOKEN_COUNT", 4))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6aff400ec2ae8357 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:322
TOOL_CHOICE_OBJECT_TOKEN_COUNT = int(os.getenv("TOOL_CHOICE_OBJECT_TOKEN_COUNT", 4))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b878b4d9a63b0ab5 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:324
    os.getenv("DEFAULT_MOCK_RESPONSE_PROMPT_TOKEN_COUNT", 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58b9f4776c0eb608 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:327
    os.getenv("DEFAULT_MOCK_RESPONSE_COMPLETION_TOKEN_COUNT", 20)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f22edfd55f47c5fa Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:330
    os.getenv("MAX_SHORT_SIDE_FOR_IMAGE_HIGH_RES", 768)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4879ed71f53ef8f7 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:333
    os.getenv("MAX_LONG_SIDE_FOR_IMAGE_HIGH_RES", 2000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65f7048c5d364ea9 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:335
MAX_TILE_WIDTH = int(os.getenv("MAX_TILE_WIDTH", 512))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03b6e6aad12b7fe4 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:336
MAX_TILE_HEIGHT = int(os.getenv("MAX_TILE_HEIGHT", 512))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b3cb668a698bd87 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:338
    os.getenv("OPENAI_FILE_SEARCH_COST_PER_1K_CALLS", 2.5 / 1000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f17b113dccaf8e91 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:343
    os.getenv("AZURE_FILE_SEARCH_COST_PER_GB_PER_DAY", 0.1)  # $0.1 USD per 1 GB/Day

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d98b43496ded5f33 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:346
    os.getenv(
        "AZURE_COMPUTER_USE_INPUT_COST_PER_1K_TOKENS", 3.0
    )  # $0.003 USD per 1K Tokens

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #829884b362f6494b Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:351
    os.getenv(
        "AZURE_COMPUTER_USE_OUTPUT_COST_PER_1K_TOKENS", 12.0
    )  # $0.012 USD per 1K Tokens

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fab98def213c40c3 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:356
    os.getenv(
        "AZURE_VECTOR_STORE_COST_PER_GB_PER_DAY", 0.1
    )  # $0.1 USD per 1 GB/Day (same as file search)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b50f8314d797d2c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:360
MIN_NON_ZERO_TEMPERATURE = float(os.getenv("MIN_NON_ZERO_TEMPERATURE", 0.0001))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #909e58e51974764d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:363
    os.getenv("REPEATED_STREAMING_CHUNK_LIMIT", 100)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6382ca203663544 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:367
DEFAULT_MAX_LRU_CACHE_SIZE = int(os.getenv("DEFAULT_MAX_LRU_CACHE_SIZE", 64))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #282eadd51906bec1 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:369
INITIAL_RETRY_DELAY = float(os.getenv("INITIAL_RETRY_DELAY", 0.5))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c999635af4b22a82 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:370
MAX_RETRY_DELAY = float(os.getenv("MAX_RETRY_DELAY", 8.0))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24f1149ccd21ffb2 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:371
JITTER = float(os.getenv("JITTER", 0.75))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e82ac75bec22e66 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:373
    os.getenv("DEFAULT_IN_MEMORY_TTL", 5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8832ff8040adda2 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:376
    os.getenv("DEFAULT_MAX_REDIS_BATCH_CACHE_SIZE", 1000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c1673ec86e47ea5 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:379
    os.getenv("DEFAULT_POLLING_INTERVAL", 0.03)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f3ae806453b3cc1 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:381
AZURE_OPERATION_POLLING_TIMEOUT = int(os.getenv("AZURE_OPERATION_POLLING_TIMEOUT", 120))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69241a353074ffbe Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:383
    os.getenv("AZURE_DOCUMENT_INTELLIGENCE_API_VERSION", "2024-11-30")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3827206d2dff8d3 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:386
    os.getenv("AZURE_DOCUMENT_INTELLIGENCE_DEFAULT_DPI", 96)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5fdce6e93f435216 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:388
REDIS_SOCKET_TIMEOUT = float(os.getenv("REDIS_SOCKET_TIMEOUT", 0.1))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8b1ae98fc6cab75 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:389
REDIS_CONNECTION_POOL_TIMEOUT = int(os.getenv("REDIS_CONNECTION_POOL_TIMEOUT", 5))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5d5cb9517dcffc9 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:391
    os.getenv("REDIS_CIRCUIT_BREAKER_FAILURE_THRESHOLD", 5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17b4af6188cbcbcf Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:394
    os.getenv("REDIS_CIRCUIT_BREAKER_RECOVERY_TIMEOUT", 60)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4c482d394dfea3d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:398
DEFAULT_REDIS_MAJOR_VERSION = int(os.getenv("DEFAULT_REDIS_MAJOR_VERSION", 7))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc0a082ec9da84dd Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:400
    os.getenv("NON_LLM_CONNECTION_TIMEOUT", 15)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a82832cec8aa13c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:402
MAX_EXCEPTION_MESSAGE_LENGTH = int(os.getenv("MAX_EXCEPTION_MESSAGE_LENGTH", 2000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1403f6754feb356a Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:403
MAX_STRING_LENGTH_PROMPT_IN_DB = int(os.getenv("MAX_STRING_LENGTH_PROMPT_IN_DB", 2048))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7bcf9d2c08906289 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:404
BEDROCK_MAX_POLICY_SIZE = int(os.getenv("BEDROCK_MAX_POLICY_SIZE", 75))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f78365ccd6a4253e Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:406
    os.getenv("BEDROCK_MIN_THINKING_BUDGET_TOKENS", 1024)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8feb31fee00b481c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:411
    os.getenv("REPLICATE_POLLING_DELAY_SECONDS", 0.5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #064cc32236c4f5fb Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:414
    os.getenv("DEFAULT_ANTHROPIC_CHAT_MAX_TOKENS", 4096)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #987474b19d4ef8af Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:416
TOGETHER_AI_4_B = int(os.getenv("TOGETHER_AI_4_B", 4))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #642154ea009a6f44 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:417
TOGETHER_AI_8_B = int(os.getenv("TOGETHER_AI_8_B", 8))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3030838e6d46b40d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:418
TOGETHER_AI_21_B = int(os.getenv("TOGETHER_AI_21_B", 21))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1efb63e0b1396253 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:419
TOGETHER_AI_41_B = int(os.getenv("TOGETHER_AI_41_B", 41))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12e2b2eb9d0a5d84 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:420
TOGETHER_AI_80_B = int(os.getenv("TOGETHER_AI_80_B", 80))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae0e394bfbe23f2d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:421
TOGETHER_AI_110_B = int(os.getenv("TOGETHER_AI_110_B", 110))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c0c8f2f3aa8bb7f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:422
TOGETHER_AI_EMBEDDING_150_M = int(os.getenv("TOGETHER_AI_EMBEDDING_150_M", 150))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c247b089ce46c1b Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:423
TOGETHER_AI_EMBEDDING_350_M = int(os.getenv("TOGETHER_AI_EMBEDDING_350_M", 350))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac5237bc180721c8 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:424
QDRANT_SCALAR_QUANTILE = float(os.getenv("QDRANT_SCALAR_QUANTILE", 0.99))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aef20f0fe673387f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:425
QDRANT_VECTOR_SIZE = int(os.getenv("QDRANT_VECTOR_SIZE", 1536))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9abc273aeb941e80 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:426
CACHED_STREAMING_CHUNK_DELAY = float(os.getenv("CACHED_STREAMING_CHUNK_DELAY", 0.02))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b95ccd274316b9e5 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:428
    os.getenv("AUDIO_SPEECH_CHUNK_SIZE", 8192)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3792013236c733d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:430
DEFAULT_MAX_TOKENS_FOR_TRITON = int(os.getenv("DEFAULT_MAX_TOKENS_FOR_TRITON", 2000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #915d4cdea1c593ae Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:444
    os.getenv("REQUEST_TIMEOUT", str(int(DEFAULT_REQUEST_TIMEOUT_SECONDS)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b06b72af0387e72 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:447
    os.getenv("DEFAULT_A2A_AGENT_TIMEOUT", 6000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f309c52b3319e7b Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:469
    os.getenv("DEFAULT_REPLICATE_GPU_PRICE_PER_SECOND", 0.001400)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9eb20bb044403ecd Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:471
FIREWORKS_AI_56_B_MOE = int(os.getenv("FIREWORKS_AI_56_B_MOE", 56))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff07bc261467c2dd Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:472
FIREWORKS_AI_176_B_MOE = int(os.getenv("FIREWORKS_AI_176_B_MOE", 176))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87397c37a29b1073 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:473
FIREWORKS_AI_4_B = int(os.getenv("FIREWORKS_AI_4_B", 4))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #600dc66ba74bfebe Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:474
FIREWORKS_AI_16_B = int(os.getenv("FIREWORKS_AI_16_B", 16))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52718fc9a48a49b5 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:475
FIREWORKS_AI_80_B = int(os.getenv("FIREWORKS_AI_80_B", 80))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bfdced09bb0207bb Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:479
    os.getenv("MAX_LANGFUSE_INITIALIZED_CLIENTS", 50)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d90530707f917573 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:482
    os.getenv("LOGGING_WORKER_CONCURRENCY", 100)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a26b8f9264ef072f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:484
LOGGING_WORKER_MAX_QUEUE_SIZE = int(os.getenv("LOGGING_WORKER_MAX_QUEUE_SIZE", 50_000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f8e75cc4a46eedb0 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:486
    os.getenv("LOGGING_WORKER_MAX_TIME_PER_COROUTINE", 20.0)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2ffbed8938b053f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:489
    os.getenv("LOGGING_WORKER_CLEAR_PERCENTAGE", 50)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22f8185b38391244 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:491
MAX_ITERATIONS_TO_CLEAR_QUEUE = int(os.getenv("MAX_ITERATIONS_TO_CLEAR_QUEUE", 200))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #303c1cf9a9c8cbf2 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:492
MAX_TIME_TO_CLEAR_QUEUE = float(os.getenv("MAX_TIME_TO_CLEAR_QUEUE", 5.0))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4e9ee42ca85814a Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:494
    os.getenv("LOGGING_WORKER_AGGRESSIVE_CLEAR_COOLDOWN_SECONDS", 0.5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1183551d2d0a4fb Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:496
DD_TRACER_STREAMING_CHUNK_YIELD_RESOURCE = os.getenv(
    "DD_TRACER_STREAMING_CHUNK_YIELD_RESOURCE", "streaming.chunk.yield"
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe9990a7ea93aa23 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:501
    os.getenv("EMAIL_BUDGET_ALERT_TTL", 24 * 60 * 60)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e8b492244eccd1f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:504
    os.getenv("EMAIL_BUDGET_ALERT_MAX_SPEND_ALERT_PERCENTAGE", 0.8)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8c41650eb22b519 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:508
ANTHROPIC_TOKEN_COUNTING_BETA_VERSION = os.getenv(
    "ANTHROPIC_TOKEN_COUNTING_BETA_VERSION", "token-counting-2024-11-01"
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d92fa3252a928c9d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:526
    os.getenv("DEFAULT_GOOGLE_VIDEO_DURATION_SECONDS", 8)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1dfa79560ce693c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:531
    os.getenv("DEFAULT_DATAFORSEO_LOCATION_CODE", 2250)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ef5f2031c4ae341 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1279
    os.getenv("HUMANLOOP_PROMPT_CACHE_TTL_SECONDS", 60)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #611ca0db6e4faee1 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1286
    os.getenv("PROMETHEUS_BUDGET_METRICS_REFRESH_INTERVAL_MINUTES", 5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ad6dddec1a982cb Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1289
    os.getenv("CLOUDZERO_EXPORT_INTERVAL_MINUTES", 60)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #543dfd6eb6f83d3f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1292
MAXIMUM_TRACEBACK_LINES_TO_LOG = int(os.getenv("MAXIMUM_TRACEBACK_LINES_TO_LOG", 100))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9200ef6c068c5a4d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1315
    os.getenv("MAX_SPENDLOG_ROWS_TO_QUERY", 1_000_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3fc0db1a8b2ef6e3 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1318
    os.getenv("DEFAULT_SOFT_BUDGET", 50.0)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17805570bf16970c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1325
PYTHON_GC_THRESHOLD = os.getenv("PYTHON_GC_THRESHOLD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4312e65040fd561 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1354
    os.getenv("BATCH_STATUS_POLL_INTERVAL_SECONDS", 3600)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a63cedccb9a791be Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1357
    os.getenv("BATCH_STATUS_POLL_MAX_ATTEMPTS", 24)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #978ee63e58c8bfe2 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1361
    os.getenv("HEALTH_CHECK_TIMEOUT_SECONDS", 60)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90def0947b9a6e88 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1363
_background_health_check_max_tokens_env = os.getenv(
    "BACKGROUND_HEALTH_CHECK_MAX_TOKENS"
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fdce156c62fb5fa9 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1381
_background_health_check_max_tokens_reasoning_env = os.getenv(
    "BACKGROUND_HEALTH_CHECK_MAX_TOKENS_REASONING"
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd256382fce02a96 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1407
LITELLM_KEY_ROTATION_ENABLED = os.getenv("LITELLM_KEY_ROTATION_ENABLED", "false")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f285123b90c393a Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1409
    os.getenv("LITELLM_KEY_ROTATION_CHECK_INTERVAL_SECONDS", 86400)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #432daada938b880c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1411
LITELLM_KEY_ROTATION_GRACE_PERIOD: str = os.getenv(
    "LITELLM_KEY_ROTATION_GRACE_PERIOD", ""
)  # Duration to keep old key valid after rotation (e.g. "24h", "2d"); empty = immediate revoke (default)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f2a1d1402893ee6 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1415
    os.getenv("LITELLM_KEY_ROTATION_LOCK_TTL_SECONDS", 600)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1aa8d8002181124 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1418
LITELLM_EXPIRED_UI_SESSION_KEY_CLEANUP_ENABLED = os.getenv(
    "LITELLM_EXPIRED_UI_SESSION_KEY_CLEANUP_ENABLED", "false"
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ad731bcb2aa2d1d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1422
    os.getenv("LITELLM_EXPIRED_UI_SESSION_KEY_CLEANUP_INTERVAL_SECONDS", 86400)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a8620567aee6b8b Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1425
    os.getenv("LITELLM_EXPIRED_UI_SESSION_KEY_CLEANUP_BATCH_SIZE", 1000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38e1ce60ed2054cf Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1437
    os.getenv("CLI_JWT_EXPIRATION_HOURS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a001970b1aaddfb Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1438
    or os.getenv("LITELLM_CLI_JWT_EXPIRATION_HOURS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e699bfbed3d1da52 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1445
LITELLM_UI_SESSION_DURATION = os.getenv("LITELLM_UI_SESSION_DURATION", "24h")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be656861d1fb772d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1453
    os.getenv("CLOUDZERO_MAX_FETCHED_DATA_RECORDS", 50000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0512d8574bc2ad37 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1458
SPEND_LOG_RUN_LOOPS = int(os.getenv("SPEND_LOG_RUN_LOOPS", 500))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a7c3d2a3d3cc9579 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1459
SPEND_LOG_CLEANUP_BATCH_SIZE = int(os.getenv("SPEND_LOG_CLEANUP_BATCH_SIZE", 1000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b079975affaac68 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1460
SPEND_LOG_QUEUE_SIZE_THRESHOLD = int(os.getenv("SPEND_LOG_QUEUE_SIZE_THRESHOLD", 100))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d7c0f180eafd1e7 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1461
SPEND_LOG_QUEUE_POLL_INTERVAL = float(os.getenv("SPEND_LOG_QUEUE_POLL_INTERVAL", 2.0))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3404571712e0141f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1463
    os.getenv("SPEND_COUNTER_RESEED_LOCKS_MAX_SIZE", 10000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc43ec9db859bc0a Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1466
    os.getenv("DEFAULT_CRON_JOB_LOCK_TTL_SECONDS", 60)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ae71464fba08297 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1469
    os.getenv("PROXY_BUDGET_RESCHEDULER_MIN_TIME", 597)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39848784c128f135 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1471
PROXY_BATCH_POLLING_INTERVAL = int(os.getenv("PROXY_BATCH_POLLING_INTERVAL", 3600))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca528b7f3a12cce2 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1472
MAX_OBJECTS_PER_POLL_CYCLE = max(1, int(os.getenv("MAX_OBJECTS_PER_POLL_CYCLE", 50)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #723e7b09eb138d6a Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1474
    1, int(os.getenv("MANAGED_OBJECT_STALENESS_CUTOFF_DAYS", 7))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #46d4bbc0e2357a24 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1477
    1, int(os.getenv("STALE_OBJECT_CLEANUP_BATCH_SIZE", 1000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55f967a6f975f91c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1482
_batch_polling_env = os.getenv("PROXY_BATCH_POLLING_ENABLED", "true").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b3afa681a7d0d9ac Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1485
    os.getenv("PROXY_BUDGET_RESCHEDULER_MAX_TIME", 605)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28bb8705fddb2691 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1488
    os.getenv("PROXY_BATCH_WRITE_AT", 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe504c3f59526b47 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1493
APSCHEDULER_COALESCE = os.getenv("APSCHEDULER_COALESCE", "True").lower() in [

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97408e83920aadab Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1498
    os.getenv("APSCHEDULER_MISFIRE_GRACE_TIME", 3600)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9fa89732563162ba Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1501
    os.getenv("APSCHEDULER_MAX_INSTANCES", 1)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4791ef8df183f5c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1503
APSCHEDULER_REPLACE_EXISTING = os.getenv(
    "APSCHEDULER_REPLACE_EXISTING", "True"
).lower() in [

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8400ab033f712cc3 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1515
    os.getenv("DEFAULT_HEALTH_CHECK_INTERVAL", 300)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ae687eec5963f80 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1518
    os.getenv("DEFAULT_SHARED_HEALTH_CHECK_TTL", 300)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31785fb2732fa363 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1521
    os.getenv("DEFAULT_SHARED_HEALTH_CHECK_LOCK_TTL", 60)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db03f4cbadabb9f2 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1527
    os.getenv("PROMETHEUS_FALLBACK_STATS_SEND_TIME_HOURS", 9)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b810ff17e8c46fc Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1530
    os.getenv("DEFAULT_MODEL_CREATED_AT_TIME", 1677610602)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d054725897ae117 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1533
    os.getenv("DEFAULT_SLACK_ALERTING_THRESHOLD", 300)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3960727e016ae3f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1535
MAX_TEAM_LIST_LIMIT = int(os.getenv("MAX_TEAM_LIST_LIMIT", 20))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dfd3b25f9ce976cd Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1537
    os.getenv("MAX_POLICY_ESTIMATE_IMPACT_ROWS", 1000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb012c12f53cffd6 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1540
    os.getenv("DEFAULT_PROMPT_INJECTION_SIMILARITY_THRESHOLD", 0.7)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d64b56e72c3b7eff Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1542
LENGTH_OF_LITELLM_GENERATED_KEY = int(os.getenv("LENGTH_OF_LITELLM_GENERATED_KEY", 16))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7aea57470c18d64d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1544
    os.getenv("SECRET_MANAGER_REFRESH_INTERVAL", 86400)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1366afacaf71d263 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1558
    os.getenv("DEFAULT_MANAGEMENT_OBJECT_IN_MEMORY_CACHE_TTL", 60)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #daedbc2126d94310 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1560
DEFAULT_ACCESS_GROUP_CACHE_TTL = int(os.getenv("DEFAULT_ACCESS_GROUP_CACHE_TTL", 600))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #893106cd1ac58a7a Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1631
    os.getenv("COROUTINE_CHECKER_MAX_SIZE_IN_MEMORY", 1000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b32628f1c6d9fad Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1635
DEFAULT_CHUNK_SIZE = int(os.getenv("DEFAULT_CHUNK_SIZE", 1000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a02ed6a1f2e6857a Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1636
DEFAULT_CHUNK_OVERLAP = int(os.getenv("DEFAULT_CHUNK_OVERLAP", 200))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #787f3f1abf97633e Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1639
S3_VECTORS_DEFAULT_DIMENSION = int(os.getenv("S3_VECTORS_DEFAULT_DIMENSION", 1024))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc28ce8f5cf52bc1 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1641
    os.getenv("S3_VECTORS_DEFAULT_DISTANCE_METRIC", "cosine")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd7834e0f58846b9 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1647
    os.getenv("MICROSOFT_USER_EMAIL_ATTRIBUTE", "userPrincipalName")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76369167b68abff3 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1650
    os.getenv("MICROSOFT_USER_DISPLAY_NAME_ATTRIBUTE", "displayName")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b05450e4e51f7231 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1652
MICROSOFT_USER_ID_ATTRIBUTE = str(os.getenv("MICROSOFT_USER_ID_ATTRIBUTE", "id"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #096c0c46fa4f83ae Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1654
    os.getenv("MICROSOFT_USER_FIRST_NAME_ATTRIBUTE", "givenName")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e498eb9edc78953 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1657
    os.getenv("MICROSOFT_USER_LAST_NAME_ATTRIBUTE", "surname")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94e09eb83dca82f1 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1663
    os.getenv("MAX_PAYLOAD_SIZE_FOR_DEBUG_LOG", 102400)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f79834319e61d10 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1667
MAX_COMPETITOR_NAMES = int(os.getenv("MAX_COMPETITOR_NAMES", 100))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe58f3e7f046fd24 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1668
COMPETITOR_LLM_TEMPERATURE = float(os.getenv("COMPETITOR_LLM_TEMPERATURE", 0.3))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b9b55e7c2eaa5bd Filesystem access.
pkgs/python/[email protected]/litellm/containers/endpoint_factory.py:40
    with open(config_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #584cb88f9f311d14 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:205
                or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f6965774575cfba Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:206
                or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #617310653c716ad7 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:212
                or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fdea2f56a1e6050d Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:220
                or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9531c84efa0fbaf5 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:430
                or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e432d6724b43de43 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:431
                or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04656e58c8f44da2 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:437
                or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e819f1452ddd3313 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:445
                or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f1d33edf1c6066f Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:592
                or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76c0010a06af2e90 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:593
                or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e52b1f8709ceee78 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:599
                or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bfdcc6807a0adb4d Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:607
                or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65dbf7e17d359f76 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:749
                or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a96414d9b7399b85 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:750
                or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #129241e7b1e66520 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:756
                or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4739abb2cd0c7a09 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:763
                or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b6f56612bd4816b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1120
    base_url={os.getenv("PROXY_BASE_URL", "http://0.0.0.0:4000")}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #abf2a047d3d6fffe Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1165
        webhook_url = os.getenv("WEBHOOK_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #783ea53543f0472c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1214
            email_logo_url = os.getenv(
                "SMTP_SENDER_LOGO", os.getenv("EMAIL_LOGO_URL", None)
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cee38fc268ca9360 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1215
                "SMTP_SENDER_LOGO", os.getenv("EMAIL_LOGO_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8e3660695b2cf84 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1217
            email_support_contact = os.getenv("EMAIL_SUPPORT_CONTACT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58481552702ff0ef Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1243
            base_url = os.getenv("PROXY_BASE_URL", "http://0.0.0.0:4000")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #140f1e1d440689e2 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1316
        email_logo_url = os.getenv(
            "SMTP_SENDER_LOGO", os.getenv("EMAIL_LOGO_URL", None)
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71e0fdff194be4db Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1317
            "SMTP_SENDER_LOGO", os.getenv("EMAIL_LOGO_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d63d3fb8ac202350 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1319
        email_support_contact = os.getenv("EMAIL_SUPPORT_CONTACT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3052543edb230540 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1452
                _digest_webhook = os.getenv("SLACK_WEBHOOK_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f8502eec34546ef7 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1479
        _proxy_base_url = os.getenv("PROXY_BASE_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #177823d315bbafbf Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1508
            slack_webhook_url = os.getenv("SLACK_WEBHOOK_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #884f550dc1e84562 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1586
                _proxy_base_url = os.getenv("PROXY_BASE_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17a1fbd061fd4fc1 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/agentops/agentops.py:24
            api_key=os.getenv("AGENTOPS_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77de5fc40f053348 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/agentops/agentops.py:25
            service_name=os.getenv("AGENTOPS_SERVICE_NAME", "agentops"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31379cc82fbb72aa Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/agentops/agentops.py:26
            deployment_environment=os.getenv("AGENTOPS_ENVIRONMENT", "production"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ab46176bcc1c7bb Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:63
            float(os.getenv("ARGILLA_SAMPLING_RATE"))  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c772b5d98c1e52f6 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:64
            if os.getenv("ARGILLA_SAMPLING_RATE") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ebf935b11985bb6 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:65
            and os.getenv("ARGILLA_SAMPLING_RATE").strip().isdigit()  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec8dc7e1b08895e7 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:73
            os.getenv("ARGILLA_BATCH_SIZE", None) or litellm.argilla_batch_size

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5414a2eae2b91c65 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:101
        _credentials_api_key = argilla_api_key or os.getenv("ARGILLA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d368a48cdc1bb0cd Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:107
            or os.getenv("ARGILLA_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48fde2a9637775fd Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:117
            or os.getenv("ARGILLA_DATASET_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77754e778d28e2d2 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:238
                float(os.getenv("LANGSMITH_SAMPLING_RATE"))  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d49b0023bb022e29 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:239
                if os.getenv("LANGSMITH_SAMPLING_RATE") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9959bdf1464dad8f Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:240
                and os.getenv("LANGSMITH_SAMPLING_RATE").strip().isdigit()  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3ea6871cfd49c5c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/__init__.py:22
    api_key = getattr(litellm_params, "api_key", None) or os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41a600d0b8660100 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/__init__.py:22
    api_key = getattr(litellm_params, "api_key", None) or os.environ.get(
        "PHOENIX_API_KEY"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75826865d9dac5b3 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:86
        space_id = os.environ.get("ARIZE_SPACE_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5929bb00a78d187 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:87
        space_key = os.environ.get("ARIZE_SPACE_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d1eb0147c63e26b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:88
        api_key = os.environ.get("ARIZE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86dbdaaebe8dcfce Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:89
        project_name = os.environ.get("ARIZE_PROJECT_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a89cdbc9ee08e295 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:91
        grpc_endpoint = os.environ.get("ARIZE_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b3c88fb8615bb291 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:92
        http_endpoint = os.environ.get("ARIZE_HTTP_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7c3d4b2ef9e24d9 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:285
        api_key = os.environ.get("PHOENIX_API_KEY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07fe67a3e322535e Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:287
        collector_endpoint = os.environ.get("PHOENIX_COLLECTOR_HTTP_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d0a808b47db8227 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:290
            grpc_endpoint = os.environ.get("PHOENIX_COLLECTOR_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #980c7fa1943b41c6 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:291
            http_endpoint = os.environ.get("PHOENIX_COLLECTOR_HTTP_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8281c743b220d6f7 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:337
        project_name = os.environ.get("PHOENIX_PROJECT_NAME", "default")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ee07690c614fbe8 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/athina.py:10
        self.athina_api_key = os.getenv("ATHINA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a85845be08d9303 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/athina.py:16
            os.getenv("ATHINA_BASE_URL", "https://log.athina.ai")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #c0ca52747aa27ece Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/athina.py:90
            response = litellm.module_level_client.post(
                self.athina_logging_url,
                headers=self.headers,
                data=json.dumps(data, default=str),
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #fab59f1d135991d8 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_sentinel/azure_sentinel.py:65
        self.dcr_immutable_id = dcr_immutable_id or os.getenv(
            "AZURE_SENTINEL_DCR_IMMUTABLE_ID"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1880ccd151b948c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_sentinel/azure_sentinel.py:68
        self.stream_name = stream_name or os.getenv(
            "AZURE_SENTINEL_STREAM_NAME", "Custom-LiteLLM"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2df1169f171ead9 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_sentinel/azure_sentinel.py:71
        self.endpoint = endpoint or os.getenv("AZURE_SENTINEL_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6069daf2dcb5d99a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_sentinel/azure_sentinel.py:74
            or os.getenv("AZURE_SENTINEL_TENANT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4bf3326f3875632d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_sentinel/azure_sentinel.py:75
            or os.getenv("AZURE_TENANT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #453fce9e140d0069 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_sentinel/azure_sentinel.py:79
            or os.getenv("AZURE_SENTINEL_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b28f84a2842978e Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_sentinel/azure_sentinel.py:80
            or os.getenv("AZURE_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d416d35e8e42cc06 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_sentinel/azure_sentinel.py:84
            or os.getenv("AZURE_SENTINEL_CLIENT_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0984599f84ce0b62 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_sentinel/azure_sentinel.py:85
            or os.getenv("AZURE_CLIENT_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bbd45c2d16a1aa80 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_storage/azure_storage.py:32
            self.tenant_id = os.getenv("AZURE_STORAGE_TENANT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e6d1800870d4afe Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_storage/azure_storage.py:33
            self.client_id = os.getenv("AZURE_STORAGE_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0436af0e7f75f821 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_storage/azure_storage.py:34
            self.client_secret = os.getenv("AZURE_STORAGE_CLIENT_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed2fe1b85d20d4c9 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_storage/azure_storage.py:35
            self.azure_storage_account_key: Optional[str] = os.getenv(
                "AZURE_STORAGE_ACCOUNT_KEY"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6fdb523d77fdb003 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_storage/azure_storage.py:40
            _azure_storage_account_name = os.getenv("AZURE_STORAGE_ACCOUNT_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d90fdaceb968597f Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_storage/azure_storage.py:46
            _azure_storage_file_system = os.getenv("AZURE_STORAGE_FILE_SYSTEM")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #e5f7bdf5037b5086 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/azure_storage/azure_storage.py:199
            response = await client.put(f"{base_url}?resource=file", headers=headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #97594f94902691a1 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/braintrust_logging.py:48
        self.api_base = api_base or os.getenv("BRAINTRUST_API_BASE") or API_BASE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #63c1f6fe1e93870b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/braintrust_logging.py:50
        self.api_key: str = api_key or os.getenv("BRAINTRUST_API_KEY")  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22286ab1865a168e Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/braintrust_logging.py:71
        if api_key is None and os.getenv("BRAINTRUST_API_KEY", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #89f007fb85cec2f4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/braintrust_logging.py:86
            response = self.global_braintrust_sync_http_handler.post(
                f"{self.api_base}/project",
                headers=self.headers,
                json={"name": project_name},
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #9b8325e32187af4d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/braintrust_logging.py:106
            response = await self.global_braintrust_http_handler.post(
                f"{self.api_base}/project/register",
                headers=self.headers,
                json={"name": project_name},
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #225b50729a814386 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/braintrust_logging.py:119
        project = await self.global_braintrust_http_handler.post(
            f"{self.api_base}/project", headers=self.headers, json={"name": "litellm"}
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #3fbdae9aaa9d60c8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/braintrust_logging.py:128
        project = self.global_braintrust_sync_http_handler.post(
            f"{self.api_base}/project", headers=self.headers, json={"name": "litellm"}
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #ac619be8b5ca0908 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/braintrust_mock_client.py:54
_MOCK_LATENCY_SECONDS = float(os.getenv("BRAINTRUST_MOCK_LATENCY_MS", "100")) / 1000.0

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #418cf14f18d76f44 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/cloudzero/cloudzero.py:37
        self.api_key = api_key or os.getenv("CLOUDZERO_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f165ecd86beb2076 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/cloudzero/cloudzero.py:38
        self.connection_id = connection_id or os.getenv("CLOUDZERO_CONNECTION_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f8b434b38e39740 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/cloudzero/cloudzero.py:39
        self.timezone = timezone or os.getenv("CLOUDZERO_TIMEZONE", "UTC")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #9e5761b507a07280 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/cloudzero/cz_stream_api.py:191
                response = client.post(url, headers=headers, json=payload)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #98f126ccbc756ee2 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:117
            dd_agent_host = os.getenv("LITELLM_DD_AGENT_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f8e3fbd48882223 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:163
        dd_agent_port = os.getenv(
            "LITELLM_DD_AGENT_PORT", "10518"
        )  # default port for logs

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f06ea2a0f963148d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:167
        self.DD_API_KEY = os.getenv("DD_API_KEY")  # Optional when using agent

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a573f3c74124a26a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:177
        if os.getenv("DD_API_KEY", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0caf672aa3e40b84 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:179
        if os.getenv("DD_SITE", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8215f0de1bf557ec Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:182
        self.DD_API_KEY = os.getenv("DD_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #324ed3b6983fdd48 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:183
        self.intake_url = f"https://http-intake.logs.{os.getenv('DD_SITE')}/api/v2/logs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c517b95a19cfe63 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_cost_management.py:21
        self.dd_api_key = os.getenv("DD_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12e0fa7a720f4922 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_cost_management.py:22
        self.dd_app_key = os.getenv("DD_APP_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b3abc453734a93cc Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_cost_management.py:23
        self.dd_site = os.getenv("DD_SITE", "datadoghq.com")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #302ef7cf2d05160b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_cost_management.py:208
        response = await self.async_client.put(
            self.upload_url, content=data_json, headers=headers
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #0a69169a5e6078b1 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_handler.py:12
    return os.getenv("DD_SOURCE", "litellm")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c3abd400177491b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_handler.py:16
    return os.getenv("DD_SERVICE", "litellm-server")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b04909ac2f6e572 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_handler.py:20
    return os.getenv("HOSTNAME", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4f38211566733a4 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_handler.py:28
    return os.getenv("DD_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a438b1f32b57de29 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_handler.py:32
    return os.getenv("DD_ENV", "unknown")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4cd1a7c922afd5c7 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_handler.py:36
    return os.getenv("POD_NAME", "unknown")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8ad644659aac7ff Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_handler.py:52
        "version": os.getenv("DD_VERSION", "unknown"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab78aa633daecae3 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_llm_obs.py:63
            dd_agent_host = os.getenv("LITELLM_DD_AGENT_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #704090838ccdc8c3 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_llm_obs.py:68
            self.DD_API_KEY = os.getenv("DD_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a22375cdd64a1f7 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_llm_obs.py:74
                if os.getenv("DD_API_KEY", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ea2ae2f268cdda3 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_llm_obs.py:76
                if os.getenv("DD_SITE", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #40319b8d3beb4936 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_llm_obs.py:109
        agent_port = os.getenv("LITELLM_DD_LLM_OBS_PORT", "8126")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90f91bf36bffce01 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_llm_obs.py:123
        self.DD_SITE = os.getenv("DD_SITE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #88228ccc36c24d8e Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_metrics.py:32
        self.dd_api_key = os.getenv("DD_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6cb5e839af3011bd Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_metrics.py:33
        self.dd_app_key = os.getenv("DD_APP_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f65f8ba4ed454db Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_metrics.py:34
        self.dd_site = os.getenv("DD_SITE", "datadoghq.com")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d9d55060d9aec78 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_metrics.py:76
            f"version:{os.getenv('DD_VERSION', 'unknown')}",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #a490d0f8c1fdc92d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_metrics.py:239
        response = await self.async_client.post(
            self.upload_url, content=compressed_data, headers=headers  # type: ignore
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #d47f544d94a73c21 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/deepeval/deepeval.py:24
        api_key = os.getenv("CONFIDENT_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b1ce48c782849ab Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/deepeval/deepeval.py:25
        self.litellm_environment = os.getenv("LITELM_ENVIRONMENT", "development")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e52bb0f90a1dbf0 Filesystem access.
pkgs/python/[email protected]/litellm/integrations/dotprompt/prompt_manager.py:157
        content = file_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f121722eeeccb23e Filesystem access.
pkgs/python/[email protected]/litellm/integrations/dotprompt/prompt_manager.py:324
        content = file_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c589341ccd7d6b69 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/dynamodb.py:20
            "dynamodb", region_name=os.environ["AWS_REGION_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f673bf0b13a28a0 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/email_alerting.py:82
    email_logo_url = os.getenv("SMTP_SENDER_LOGO", os.getenv("EMAIL_LOGO_URL", None))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed4c52d40b0875ed Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/email_alerting.py:83
    email_support_contact = os.getenv("EMAIL_SUPPORT_CONTACT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d57d6a709656e9a5 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:45
                or os.getenv("FOCUS_S3_BUCKET_NAME"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #036734744f5d1acb Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:47
                or os.getenv("FOCUS_S3_REGION_NAME"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a4f2f105f3d8917 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:49
                or os.getenv("FOCUS_S3_ENDPOINT_URL"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8fee3782010d90e8 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:51
                or os.getenv("FOCUS_S3_ACCESS_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e54483490d388d2d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:53
                or os.getenv("FOCUS_S3_SECRET_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #050facd1a4e30762 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:55
                or os.getenv("FOCUS_S3_SESSION_TOKEN"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9bf78244dacf03d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:62
                "api_key": overrides.get("api_key") or os.getenv("VANTAGE_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5444b2cf8b61716a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:64
                or os.getenv("VANTAGE_INTEGRATION_TOKEN"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41ec271eee21be71 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:66
                or os.getenv("VANTAGE_BASE_URL", "https://api.vantage.sh"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #02a0d350ae168580 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/vantage_destination.py:165
        await client.post(
            url,
            headers=headers,
            files={"csv": (filename, csv_bytes, "text/csv")},
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #a0463b5eb90f7161 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/focus_logger.py:41
        self.provider = (provider or os.getenv("FOCUS_PROVIDER") or "s3").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9bbf3914a6c43449 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/focus_logger.py:43
            export_format or os.getenv("FOCUS_FORMAT") or "parquet"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07bf291edfbdc533 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/focus_logger.py:45
        self.frequency = (frequency or os.getenv("FOCUS_FREQUENCY") or "hourly").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39072e1e10b552e0 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/focus_logger.py:49
            else int(os.getenv("FOCUS_CRON_OFFSET", "5"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95482340fd5967dc Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/focus_logger.py:54
            else os.getenv("FOCUS_INTERVAL_SECONDS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ddc82033e817175 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/focus_logger.py:65
        env_prefix = os.getenv("FOCUS_PREFIX")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #53362c3c61bd766a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/galileo.py:40
        self.base_url = os.getenv("GALILEO_BASE_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a04f0b2dcbed757 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/galileo.py:41
        self.project_id = os.getenv("GALILEO_PROJECT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8980ab3c6480f06 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/galileo.py:59
                "username": os.getenv("GALILEO_USERNAME"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57f40cfcd19d6fea Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/galileo.py:60
                "password": os.getenv("GALILEO_PASSWORD"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a76c7c279945faf2 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket.py:34
        self.batch_size = int(os.getenv("GCS_BATCH_SIZE", GCS_DEFAULT_BATCH_SIZE))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea1e4e05fff6d752 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket.py:36
            os.getenv("GCS_FLUSH_INTERVAL", GCS_DEFAULT_FLUSH_INTERVAL_SECONDS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb714f06079772c7 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket.py:39
            os.getenv(
                "GCS_USE_BATCHED_LOGGING", str(GCS_DEFAULT_USE_BATCHED_LOGGING).lower()
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1de98868431bde88 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket_base.py:43
        _path_service_account = os.getenv("GCS_PATH_SERVICE_ACCOUNT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #15a538b6902e42cc Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket_base.py:44
        _bucket_name = bucket_name or os.getenv("GCS_BUCKET_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8140476046a25357 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket_base.py:96
        project_id = os.getenv("GOOGLE_SECRET_MANAGER_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a44af0951e496788 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_pubsub/pub_sub.py:55
        self.project_id = project_id or os.getenv("GCS_PUBSUB_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0366bb8fd73ee868 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_pubsub/pub_sub.py:56
        self.topic_id = topic_id or os.getenv("GCS_PUBSUB_TOPIC_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed4f829a978057e9 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_pubsub/pub_sub.py:57
        self.path_service_account_json = credentials_path or os.getenv(
            "GCS_PATH_SERVICE_ACCOUNT"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f23259a7b0bd2687 Filesystem access.
pkgs/python/[email protected]/litellm/integrations/generic_api/generic_api_callback.py:43
        with open(json_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20d260aedad35a8b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/generic_api/generic_api_callback.py:94
        return os.getenv(env_var_name, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #506ab2f2d0f35803 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/generic_api/generic_api_callback.py:162
        endpoint = endpoint or os.getenv("GENERIC_LOGGER_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #853ff75ac61310ae Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/generic_api/generic_api_callback.py:216
        env_headers = os.getenv("GENERIC_LOGGER_HEADERS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #0ba502961915f2ac Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/generic_api/generic_api_callback.py:268
                return await self.async_httpx_client.post(**post_kwargs)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #2dc3fd7d39e2f2f7 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/greenscale.py:12
        self.greenscale_api_key = os.getenv("GREENSCALE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d0260d3984c396e Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/greenscale.py:17
        self.greenscale_logging_url = os.getenv("GREENSCALE_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #2a6d8baa380dc055 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/greenscale.py:57
            response = litellm.module_level_client.post(
                self.greenscale_logging_url,
                headers=self.headers,
                data=json.dumps(data, default=str),
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #af7f6ab4ed7b179b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/helicone.py:39
        self.key = os.getenv("HELICONE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8bc5ee3ed70dc4d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/helicone.py:40
        self.api_base = os.getenv("HELICONE_API_BASE") or "https://api.hconeai.com"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #1a509acf202df680 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/helicone.py:213
            response = litellm.module_level_client.post(url, headers=headers, json=data)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #7a73490ff2b8a771 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:53
        if os.getenv("LAGO_API_KEY", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d0e9f183f6ad46f Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:56
        if os.getenv("LAGO_API_BASE", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2014e4d28a116477 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:59
        if os.getenv("LAGO_API_EVENT_CODE", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a320be42b6de0054 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:92
        if os.getenv("LAGO_API_CHARGE_BY", None) is not None and isinstance(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e17cacfd66741e4c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:93
            os.environ["LAGO_API_CHARGE_BY"], str

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a15feb64f1661be6 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:95
            if os.environ["LAGO_API_CHARGE_BY"] in [

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a96155aa5aea63bd Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:100
                charge_by = os.environ["LAGO_API_CHARGE_BY"]  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df3d450a24b0eb29 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:122
                "code": os.getenv("LAGO_API_EVENT_CODE"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80882f201b32a807 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:133
        _url = os.getenv("LAGO_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85192224967bae38 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:142
        api_key = os.getenv("LAGO_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb69198711adb1eb Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:167
            _url = os.getenv("LAGO_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8eb2ff2c0f1b0a32 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:178
            api_key = os.getenv("LAGO_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f746513eb68f5054 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:105
            langfuse_secret or langfuse_secret_key or os.getenv("LANGFUSE_SECRET_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4923841ab1e8e0be Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:107
        public_key = langfuse_public_key or os.getenv("LANGFUSE_PUBLIC_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #507102c656bea9fd Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:109
    resolved_host = langfuse_host or os.getenv(
        "LANGFUSE_HOST", "https://cloud.langfuse.com"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a97488a007b39443 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:147
        self.langfuse_release = os.getenv("LANGFUSE_RELEASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c3b8eee0652a127 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:148
        self.langfuse_debug = os.getenv("LANGFUSE_DEBUG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2090c1f5d60eb869 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:179
            os.environ["LANGFUSE_PROJECT_ID"] = "mock-project-id"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c1781d6d042cd58 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:184
                os.environ["LANGFUSE_PROJECT_ID"] = project_id

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f63b59589348bc0 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:188
        if os.getenv("UPSTREAM_LANGFUSE_SECRET_KEY") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #421222b814810e99 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:189
            upstream_langfuse_debug_env = os.getenv("UPSTREAM_LANGFUSE_DEBUG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa09ab4a914ab5a9 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:195
            self.upstream_langfuse_secret_key = os.getenv(
                "UPSTREAM_LANGFUSE_SECRET_KEY"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47be9de52a220a6f Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:198
            self.upstream_langfuse_public_key = os.getenv(
                "UPSTREAM_LANGFUSE_PUBLIC_KEY"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3eab31e1c322d485 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:201
            self.upstream_langfuse_host = os.getenv("UPSTREAM_LANGFUSE_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #909d56c93d2b6e3c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:202
            self.upstream_langfuse_release = os.getenv("UPSTREAM_LANGFUSE_RELEASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #281d5e9f6f55f07a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:743
                proxy_base_url = os.environ.get("PROXY_BASE_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #905912c4615a4059 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:1057
        return int(os.getenv("LANGFUSE_FLUSH_INTERVAL") or flush_interval)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b899b4ae0f5b28d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_otel.py:235
        langfuse_environment = os.environ.get("LANGFUSE_TRACING_ENVIRONMENT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af4785e0fde03d30 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_otel.py:265
        return os.environ.get("LANGFUSE_OTEL_HOST") or os.environ.get("LANGFUSE_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7869d8f6e630da59 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_otel.py:274
        public_key = os.environ.get("LANGFUSE_PUBLIC_KEY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9f0c477c0daaa9c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_otel.py:275
        secret_key = os.environ.get("LANGFUSE_SECRET_KEY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8df04eb01fcb8ceb Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_otel.py:322
        public_key = os.environ.get("LANGFUSE_PUBLIC_KEY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c526c398ae11237d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_otel.py:323
        secret_key = os.environ.get("LANGFUSE_SECRET_KEY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5625762d95e1e8b3 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_prompt_management.py:88
    langfuse_release = os.getenv("LANGFUSE_RELEASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8a93951bc2f987e Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_prompt_management.py:89
    langfuse_debug = os.getenv("LANGFUSE_DEBUG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41032a64f7e07141 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:69
            or float(os.getenv("LANGSMITH_SAMPLING_RATE"))  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #561fd2bdf11d1d98 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:70
            if os.getenv("LANGSMITH_SAMPLING_RATE") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aae57ae5d1c984ed Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:71
            and os.getenv("LANGSMITH_SAMPLING_RATE").strip().isdigit()  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #390f2c023dd152fb Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:74
        self.langsmith_default_run_name = os.getenv(
            "LANGSMITH_DEFAULT_RUN_NAME", "LLMRun"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #efd4fa25c58399a8 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:81
            os.getenv("LANGSMITH_BATCH_SIZE", None) or litellm.langsmith_batch_size

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #710a42693efef385 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:124
            _credentials_api_key = langsmith_api_key or os.getenv("LANGSMITH_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39b3202a798612d3 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:127
                or os.getenv("LANGSMITH_PROJECT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22eaea5ca8296667 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:132
                or os.getenv("LANGSMITH_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7061cd9f78c75ce0 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:135
            _credentials_tenant_id = langsmith_tenant_id or os.getenv(
                "LANGSMITH_TENANT_ID"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #459aee997d2f6643 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/levo/levo.py:52
        api_key = os.environ.get("LEVOAI_API_KEY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #234de448d6149a67 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/levo/levo.py:53
        org_id = os.environ.get("LEVOAI_ORG_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff81fbca34def75a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/levo/levo.py:54
        workspace_id = os.environ.get("LEVOAI_WORKSPACE_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98f60d4380ea8a10 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/levo/levo.py:55
        collector_url = os.environ.get("LEVOAI_COLLECTOR_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #053660c71506ed35 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/literal_ai.py:28
        self.literalai_api_url = os.getenv("LITERAL_API_URL") or literalai_api_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7a5ca8c264b6657 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/literal_ai.py:31
            "x-api-key": literalai_api_key or os.getenv("LITERAL_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #691ad07aa7463ce2 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/literal_ai.py:40
        batch_size = os.getenv("LITERAL_BATCH_SIZE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df94176a6a8aba80 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/logfire_logger.py:36
                logfire.configure(token=os.getenv("LOGFIRE_TOKEN"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94ccd315a0278c6d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/mock_client_factory.py:128
        float(os.getenv(latency_env, str(config.default_latency_ms))) / 1000.0

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f862108e18551b8b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/mock_client_factory.py:278
        mock_mode = os.getenv(config.env_var, "false")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #345f1662eccacd34 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/openmeter.py:46
        if os.getenv("OPENMETER_API_KEY", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d044a622e6af4dd Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/openmeter.py:87
            "type": os.getenv("OPENMETER_EVENT_TYPE", "litellm_tokens"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bfa542b032b662f5 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/openmeter.py:96
        _url = os.getenv("OPENMETER_API_ENDPOINT", "https://openmeter.cloud")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ef8090075b82cdd Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/openmeter.py:102
        api_key = os.getenv("OPENMETER_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1176c6aa343a10f5 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/openmeter.py:122
        _url = os.getenv("OPENMETER_API_ENDPOINT", "https://openmeter.cloud")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5542c12937f3b28d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/openmeter.py:128
        api_key = os.getenv("OPENMETER_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ecbf4dfc6d083335 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:52
LITELLM_TRACER_NAME = os.getenv("OTEL_TRACER_NAME", "litellm")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f211fe6fac87d1f Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:53
LITELLM_METER_NAME = os.getenv("LITELLM_METER_NAME", "litellm")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d61cba2e03703c8 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:54
LITELLM_LOGGER_NAME = os.getenv("LITELLM_LOGGER_NAME", "litellm")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41758ff7c08bc40d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:88
            self.service_name = os.getenv("OTEL_SERVICE_NAME", "litellm")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d885b9a31cb6becc Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:90
            self.deployment_environment = os.getenv(
                "OTEL_ENVIRONMENT_NAME", "production"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0d8ef78e970e3cb Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:94
            self.model_id = os.getenv("OTEL_MODEL_ID", self.service_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c44516a686b8b011 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:97
                os.getenv("OTEL_IGNORE_CONTEXT_PROPAGATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e9da8e082be86db Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:113
        exporter = os.getenv(
            "OTEL_EXPORTER_OTLP_PROTOCOL", os.getenv("OTEL_EXPORTER", "console")
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80faea4ab90d3c92 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:114
            "OTEL_EXPORTER_OTLP_PROTOCOL", os.getenv("OTEL_EXPORTER", "console")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80853879bd6075f0 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:116
        endpoint = os.getenv("OTEL_EXPORTER_OTLP_ENDPOINT", os.getenv("OTEL_ENDPOINT"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e58588f255a001d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:117
        headers = os.getenv(
            "OTEL_EXPORTER_OTLP_HEADERS", os.getenv("OTEL_HEADERS")
        )  # example: OTEL_HEADERS=x-honeycomb-team=B85YgLm96***"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #193970a295d96513 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:118
            "OTEL_EXPORTER_OTLP_HEADERS", os.getenv("OTEL_HEADERS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d65c648d8e9c670 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:121
            os.getenv("LITELLM_OTEL_INTEGRATION_ENABLE_METRICS", "false").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f6a1125cd00f79a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:125
            os.getenv("LITELLM_OTEL_INTEGRATION_ENABLE_EVENTS", "false").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #772e51c15175bc31 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:128
        service_name = os.getenv("OTEL_SERVICE_NAME", "litellm")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #127c5f4c935fefd7 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:129
        deployment_environment = os.getenv("OTEL_ENVIRONMENT_NAME", "production")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7ba094e0aff8b00 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:130
        model_id = os.getenv("OTEL_MODEL_ID", service_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8da15536852da3a9 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:168
        _debug_otel = str(os.getenv("DEBUG_OTEL", "False")).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d5aa8b2a956c8baa Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2139
        otel_logs_exporter = os.getenv("OTEL_LOGS_EXPORTER")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50bd2697b3e91b9c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opik/utils.py:58
    return os.getenv((env_prefix + key).upper(), None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #00e38be9c2ef138f Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/posthog.py:56
            if os.getenv("POSTHOG_API_KEY", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f88edd1e325d788 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/posthog.py:64
            self.POSTHOG_API_KEY = os.getenv("POSTHOG_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c0a69959ddcd58c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/posthog.py:65
            posthog_api_url = os.getenv("POSTHOG_API_URL", "https://us.i.posthog.com")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b1404c75e3e4900 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/prometheus.py:3485
        if "PROMETHEUS_MULTIPROC_DIR" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #771c6a12b4892729 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/prompt_layer.py:15
        self.key = os.getenv("PROMPTLAYER_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #a28d15c9d4fa406a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/prompt_layer.py:50
            request_response = litellm.module_level_client.post(
                "https://api.promptlayer.com/rest/track-request",
                json={
                    "function_name": "openai.ChatCompletion.create",
                    "kwargs": new_kwargs,
                    "tags": tags,
                    "request_response": dict(response_obj),
                    "request_start_time": int(start_time.timestamp()),
                    "request_end_time": int(end_time.timestamp()),
                    "api_key": self.key,
                    # Optional params for PromptLayer
                    # "prompt_id": "<PROMPT ID>",
                    # "prompt_input_variables": "<Dictionary of variables for prompt>",
                    # "prompt_version":1,
                },
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #4528895965c65d18 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/prompt_layer.py:77
                    response = litellm.module_level_client.post(
                        "https://api.promptlayer.com/rest/track-metadata",
                        json={
                            "request_id": response_json["request_id"],
                            "api_key": self.key,
                            "metadata": metadata,
                        },
                    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #141ec7adbb8b49a2 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/s3_v2.py:413
                response = await self.async_httpx_client.put(
                    request_url, data=json_string, headers=signed_headers
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #101a4191366b3965 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/s3_v2.py:609
                response = httpx_client.put(
                    request_url, data=json_string, headers=signed_headers
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #b46f9953f7a9f76f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/sqs.py:361
            response = await self.async_httpx_client.post(
                self.sqs_queue_url,
                data=body,
                headers=signed_headers,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #5aba724a098d3066 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/supabase.py:18
        self.supabase_url = os.getenv("SUPABASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4242d9b64254b36 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/supabase.py:19
        self.supabase_key = os.getenv("SUPABASE_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e02e606b6eff1a47 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/vantage/vantage_logger.py:46
        resolved_api_key = api_key or os.getenv("VANTAGE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72d33755b2d5de66 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/vantage/vantage_logger.py:47
        resolved_token = integration_token or os.getenv("VANTAGE_INTEGRATION_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8b5d487eb4d270e Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/vantage/vantage_logger.py:48
        resolved_base_url = base_url or os.getenv(
            "VANTAGE_BASE_URL", "https://api.vantage.sh"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e37b3dbeb1fb2fa Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/vantage/vantage_logger.py:52
            frequency or os.getenv("VANTAGE_EXPORT_FREQUENCY") or "hourly"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #27e62fb007c17bd4 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/vantage/vantage_logger.py:55
        raw_interval = interval_seconds or os.getenv("VANTAGE_EXPORT_INTERVAL_SECONDS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d37f573075419f5d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/weave/weave_otel.py:140
    api_key = os.getenv("WANDB_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec9e111399ca912d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/weave/weave_otel.py:141
    project_id = os.getenv("WANDB_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #00fbf230a7e4c31e Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/weave/weave_otel.py:142
    host = os.getenv("WANDB_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #633f923b46b21dcb Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/weave/weave_otel.py:169
    os.environ["OTEL_EXPORTER_OTLP_ENDPOINT"] = endpoint

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a396ffb95697e652 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/weave/weave_otel.py:170
    os.environ["OTEL_EXPORTER_OTLP_HEADERS"] = otlp_auth_headers

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55ad5c361dd919a4 Filesystem access.
pkgs/python/[email protected]/litellm/litellm_core_utils/audio_utils/utils.py:70
        with open(file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd562e6930533651 Filesystem access.
pkgs/python/[email protected]/litellm/litellm_core_utils/audio_utils/utils.py:88
                with open(str(content), "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1067b6bef68935e0 Filesystem access.
pkgs/python/[email protected]/litellm/litellm_core_utils/audio_utils/utils.py:178
                with open(str(file_content_obj), "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #36c5e34f40efd56d Filesystem access.
pkgs/python/[email protected]/litellm/litellm_core_utils/audio_utils/utils.py:228
    return open(file_path, "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2632e9b83b2623b2 Filesystem access.
pkgs/python/[email protected]/litellm/litellm_core_utils/audio_utils/utils.py:265
            with open(str(file), "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8177999df6d411ef Filesystem access.
pkgs/python/[email protected]/litellm/litellm_core_utils/cli_token_utils.py:28
        with open(token_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3a726517ba883d3 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/default_encoding.py:21
custom_cache_dir = os.getenv("CUSTOM_TIKTOKEN_CACHE_DIR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa5bc435ca5d7964 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/default_encoding.py:29
os.environ["TIKTOKEN_CACHE_DIR"] = (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e1d7413f2213ab0 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/env_utils.py:14
    raw = os.getenv(env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d363ed76a1e9c6db Filesystem access.
pkgs/python/[email protected]/litellm/litellm_core_utils/get_blog_posts.py:55
            files("litellm").joinpath("blog_posts.json").read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3193106562c3b026 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/get_blog_posts.py:134
        if os.getenv("LITELLM_LOCAL_BLOG_POSTS", "").lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe16bcd1a41a535a Filesystem access.
pkgs/python/[email protected]/litellm/litellm_core_utils/get_model_cost_map.py:40
            files("litellm")
            .joinpath("model_prices_and_context_window_backup.json")
            .read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #84baa966dac20bef Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/get_model_cost_map.py:258
    if os.getenv("LITELLM_LOCAL_MODEL_COST_MAP", "").lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a57e2f8c71eb762c Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3615
                    os.environ.get("SENTRY_API_TRACE_RATE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c199acfc52dbf9c0 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3616
                    if "SENTRY_API_TRACE_RATE" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #891ac6a4b98f812d Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3620
                    os.environ.get("SENTRY_API_SAMPLE_RATE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad40fa22f58ca65e Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3621
                    if "SENTRY_API_SAMPLE_RATE" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d332b32e3027bfe7 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3625
                    dsn=os.environ.get("SENTRY_DSN"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #850d8acbb15572aa Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3634
                    environment=os.environ.get("SENTRY_ENVIRONMENT", "production"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6fce0125cb9ae4cc Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3648
                    token=os.environ.get("SLACK_API_TOKEN"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e40bfed9795fb690 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3649
                    signing_secret=os.environ.get("SLACK_API_SECRET"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61783f21dccecf71 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3651
                alerts_channel = os.environ["SLACK_API_CHANNEL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8be3a009053cbe80 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3877
            os.environ["OTEL_EXPORTER_OTLP_TRACES_HEADERS"] = (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1e3d8629eddce33 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3902
                existing_attrs = os.environ.get("OTEL_RESOURCE_ATTRIBUTES", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7dab9e379e5db33 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3905
                    os.environ["OTEL_RESOURCE_ATTRIBUTES"] = (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d81b2ec60621701 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3909
                    os.environ["OTEL_RESOURCE_ATTRIBUTES"] = (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5a512cec5d99573 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3914
            phoenix_project_name = os.environ.get("PHOENIX_PROJECT_NAME", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43a6ed6a358afe0c Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3916
                existing_attrs = os.environ.get("OTEL_RESOURCE_ATTRIBUTES", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5fc3d836820543f Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3919
                    os.environ["OTEL_RESOURCE_ATTRIBUTES"] = (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8440dc88c62593ae Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3923
                    os.environ["OTEL_RESOURCE_ATTRIBUTES"] = (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5c966d66eb8e8bf Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3929
                os.environ["OTEL_EXPORTER_OTLP_TRACES_HEADERS"] = (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #061dde16d2dd6728 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:4035
            if "LOGFIRE_TOKEN" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #46df09d96d3fbb55 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:4042
            logfire_base_url = os.getenv(
                "LOGFIRE_BASE_URL", "https://logfire-api.pydantic.dev"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #918ceffc917ab20a Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:4048
                headers=f"Authorization={os.getenv('LOGFIRE_TOKEN')}",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e293910d7a935e7 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:4106
            if "LANGTRACE_API_KEY" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f437e43d2d5fcba8 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:4118
            os.environ["OTEL_EXPORTER_OTLP_TRACES_HEADERS"] = (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3c88f7b93fc9020 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:4119
                f"api_key={os.getenv('LANGTRACE_API_KEY')}"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09fcf2d457ac6b20 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:4325
    if not any(os.environ.get(v) for v in phoenix_env_vars):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01f6d97478b79fe5 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:4480
            if "ARIZE_API_KEY" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1497f24fb550ccf6 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:4489
            if "LOGFIRE_TOKEN" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #428ee8f063a1bacb Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:4518
            if "LANGTRACE_API_KEY" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1907fbdcb1ac5230 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:5616
    if os.getenv("LITELLM_PRINT_STANDARD_LOGGING_PAYLOAD"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ba14e00a955256b Filesystem access.
pkgs/python/[email protected]/litellm/litellm_core_utils/prompt_templates/common_utils.py:748
        with open(file_content, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #edc3291c1206ce2a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/anthropic/chat/handler.py:91
        response = await client.post(
            api_base,
            headers=headers,
            data=data,
            stream=True,
            timeout=timeout,
            logging_obj=logging_obj,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #3459e55e3bb47f32 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/anthropic/chat/handler.py:149
        response = client.post(
            api_base,
            headers=headers,
            data=data,
            stream=True,
            timeout=timeout,
            logging_obj=logging_obj,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f3aa81a922878fe3 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/anthropic/chat/handler.py:481
                    response = client.post(
                        api_base,
                        headers=headers,
                        data=json.dumps(data),
                        timeout=timeout,
                        logging_obj=logging_obj,
                    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #d916c0481dfa96cd Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/anthropic/count_tokens/handler.py:89
            response = await async_client.post(
                endpoint_url,
                headers=headers,
                json=request_body,
                timeout=request_timeout,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #7006c0c966def99f Environment-variable access.
pkgs/python/[email protected]/litellm/llms/anthropic/count_tokens/token_counter.py:60
            api_key = os.getenv("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1dc3a6f86f8ef92c Environment-variable access.
pkgs/python/[email protected]/litellm/llms/anthropic/experimental_pass_through/utils.py:12
        or os.getenv("LITELLM_REASONING_AUTO_SUMMARY", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f6b2fb430f5ed92 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:179
    azure_authority_host = os.getenv(
        "AZURE_AUTHORITY_HOST", "https://login.microsoftonline.com"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03bd97f290289c8a Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:182
    azure_client_id = azure_client_id or os.getenv("AZURE_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61f509500553651a Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:183
    azure_tenant_id = azure_tenant_id or os.getenv("AZURE_TENANT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #ff12cf200befd00d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:213
    req_token = client.post(
        f"{azure_authority_host}/{azure_tenant_id}/oauth2/v2.0/token",
        data={
            "client_id": azure_client_id,
            "grant_type": "client_credentials",
            "scope": scope,
            "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
            "client_assertion": oidc_token,
        },
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #4ad7ade16e0e1e6e Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:298
    tenant_id = litellm_params.get("tenant_id") or os.getenv("AZURE_TENANT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c17e12596d4f32bd Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:299
    client_id = litellm_params.get("client_id") or os.getenv("AZURE_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f3819412b9940b7 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:300
    client_secret = litellm_params.get("client_secret") or os.getenv(
        "AZURE_CLIENT_SECRET"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2794046240b8e081 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:303
    azure_username = litellm_params.get("azure_username") or os.getenv("AZURE_USERNAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e026c039d2bf5e5a Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:304
    azure_password = litellm_params.get("azure_password") or os.getenv("AZURE_PASSWORD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac690b22bafe66de Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:305
    scope = litellm_params.get("azure_scope") or os.getenv(
        "AZURE_SCOPE", "https://cognitiveservices.azure.com/.default"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18c0e7108cc6cd64 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:609
            api_version = os.getenv(
                "AZURE_API_VERSION", litellm.AZURE_DEFAULT_API_VERSION
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80cafc59c719492c Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:664
        tenant_id = litellm_params.get("tenant_id", os.getenv("AZURE_TENANT_ID"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #787a22506b94e6cb Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:665
        client_id = litellm_params.get("client_id", os.getenv("AZURE_CLIENT_ID"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e32f32a2b2d6318 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:668
            os.getenv("AZURE_SCOPE", "https://cognitiveservices.azure.com/.default"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7934562707d784a0 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:810
        return os.getenv(env_var_key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #0af55609737196b6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/azure_ai/anthropic/count_tokens/handler.py:94
            response = await async_client.post(
                endpoint_url,
                headers=headers,
                json=request_body,
                timeout=request_timeout,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #05a395cc6de4835a Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure_ai/anthropic/count_tokens/token_counter.py:62
            api_key = os.getenv("AZURE_AI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5f58d7714b52afb Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure_ai/anthropic/count_tokens/token_counter.py:67
            api_base = os.getenv("AZURE_AI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #4a1515923e5c9612 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/azure_ai/anthropic/handler.py:192
                    response = client.post(
                        api_base,
                        headers=headers,
                        data=json.dumps(data),
                        timeout=timeout,
                    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #e22c8b79dc08fa96 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:146
                if key.upper() in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e94b5797998f7c7 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:147
                    params_to_check[i] = os.getenv(key.upper())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da5c12702eddb371 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:648
        current_role_arn = os.getenv("AWS_ROLE_ARN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32217a5486c539a5 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:649
        web_identity_token_file = os.getenv("AWS_WEB_IDENTITY_TOKEN_FILE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #066d60563fe4aed4 Filesystem access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:777
        with open(web_identity_token_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2beccb6b491e5735 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:925
        web_identity_token_file = os.getenv("AWS_WEB_IDENTITY_TOKEN_FILE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #262bfab1547164ea Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:926
        irsa_role_arn = os.getenv("AWS_ROLE_ARN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a771cc07d0a7161 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:930
            or os.getenv("AWS_REGION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4de0771f1b7fe70c Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:931
            or os.getenv("AWS_DEFAULT_REGION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1262cdce6fc69c1b Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/batches/transformation.py:108
        output_bucket = litellm_params.get("s3_output_bucket_name") or os.getenv(
            "AWS_S3_OUTPUT_BUCKET_NAME"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31c0fcb88cb92145 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/batches/transformation.py:119
            or os.getenv("AWS_BATCH_ROLE_ARN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #ab49c5a272f48535 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/bedrock/chat/agentcore/transformation.py:638
        response = client.post(
            api_base,
            headers=headers,
            data=signed_json_body if signed_json_body else json.dumps(data),
            stream=True,
            logging_obj=logging_obj,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #2591eeb19153d6be Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/bedrock/chat/agentcore/transformation.py:856
        response = await client.post(
            api_base,
            headers=headers,
            data=signed_json_body if signed_json_body else json.dumps(data),
            stream=True,
            logging_obj=logging_obj,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f6e28b1d78e706ad Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/bedrock/chat/converse_handler.py:40
    response = client.post(
        api_base,
        headers=headers,
        data=data,
        stream=not fake_stream,
        logging_obj=logging_obj,
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #0846ea0fd2d28513 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/bedrock/chat/invoke_handler.py:211
        response = await client.post(
            api_base,
            headers=headers,
            data=data,
            stream=not fake_stream,
            logging_obj=logging_obj,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #8a2f195e67a5e39c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/bedrock/chat/invoke_handler.py:307
        response = client.post(
            api_base,
            headers=headers,
            data=signed_json_body if signed_json_body is not None else data,
            stream=not fake_stream,
            logging_obj=logging_obj,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #898610ba39728758 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/bedrock/chat/invoke_handler.py:1303
            response = await client.post(
                api_base,
                headers=headers,
                data=data,
                timeout=timeout,
                logging_obj=logging_obj,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #c2baf01950fbbaa6 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/common_utils.py:1236
            or os.getenv(bucket_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #2191c7fa201cd4dd Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/bedrock/count_tokens/handler.py:98
            response = await async_client.post(
                endpoint_url,
                headers=signed_headers,
                data=signed_body,
                timeout=30.0,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #7c6fefb6f2d28941 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/files/handler.py:112
        bucket_name = bucket_name or os.getenv("AWS_S3_BUCKET_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cec46622f0e0e166 Filesystem access.
pkgs/python/[email protected]/litellm/llms/bedrock/files/transformation.py:102
            with open(str(file_content), "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd963f8680e56e16 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/files/transformation.py:181
        bucket_name = litellm_params.get("s3_bucket_name") or os.getenv(
            "AWS_S3_BUCKET_NAME"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28315b7f97083625 Filesystem access.
pkgs/python/[email protected]/litellm/llms/bedrock/files/transformation.py:778
            with open(str(file_content), "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e74fb7327f25faa4 Filesystem access.
pkgs/python/[email protected]/litellm/llms/bedrock/image_edit/amazon_nova_canvas_image_edit_transformation.py:145
        with open(image, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #3b9d57eface3eb4f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/bytez/chat/transformation.py:267
            response = client.post(
                api_base,
                headers=headers,
                data=json.dumps(data),
                stream=True,
                logging_obj=logging_obj,
                timeout=STREAMING_TIMEOUT,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #52b901b208595d28 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/bytez/chat/transformation.py:311
            response = await client.post(
                api_base,
                headers=headers,
                data=json.dumps(data),
                stream=True,
                logging_obj=logging_obj,
                timeout=STREAMING_TIMEOUT,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #df2a840ce464e069 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/authenticator.py:33
        self.token_dir = os.getenv(
            "CHATGPT_TOKEN_DIR",
            os.path.expanduser("~/.config/litellm/chatgpt"),
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0975eb07fd7c48e8 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/authenticator.py:38
            self.token_dir, os.getenv("CHATGPT_AUTH_FILE", "auth.json")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7897b95c050416a0 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/authenticator.py:44
            os.getenv("CHATGPT_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ea80033e6df3111 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/authenticator.py:45
            or os.getenv("OPENAI_CHATGPT_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #edc6e50f17aa45dc Filesystem access.
pkgs/python/[email protected]/litellm/llms/chatgpt/authenticator.py:95
            with open(self.auth_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f8f5c28aa999d9b9 Filesystem access.
pkgs/python/[email protected]/litellm/llms/chatgpt/authenticator.py:105
            with open(self.auth_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #297b5a74f2cb820d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/chatgpt/authenticator.py:178
            resp = client.post(
                CHATGPT_DEVICE_CODE_URL,
                json={"client_id": CHATGPT_CLIENT_ID},
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #061ac2cfb953246e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/chatgpt/authenticator.py:217
                resp = client.post(
                    CHATGPT_DEVICE_TOKEN_URL,
                    json={
                        "device_auth_id": device_code["device_auth_id"],
                        "user_code": device_code["user_code"],
                    },
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #75a4f078489bea05 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/chatgpt/authenticator.py:271
            resp = client.post(
                CHATGPT_OAUTH_TOKEN_URL,
                headers={"Content-Type": "application/x-www-form-urlencoded"},
                content=body,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #0ae292dde3782d52 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/chatgpt/authenticator.py:305
            resp = client.post(
                CHATGPT_OAUTH_TOKEN_URL,
                json={
                    "client_id": CHATGPT_CLIENT_ID,
                    "grant_type": "refresh_token",
                    "refresh_token": refresh_token,
                    "scope": "openid profile email",
                },
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #fd67aa4240b26e3e Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:153
    term_program = os.getenv("TERM_PROGRAM")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a799cabe84f463d5 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:155
        version = os.getenv("TERM_PROGRAM_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7514c160d4bc6cc2 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:159
    wezterm_version = os.getenv("WEZTERM_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b382065bf000a28f Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:165
        os.getenv("ITERM_SESSION_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4fd8bcf266900a46 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:166
        or os.getenv("ITERM_PROFILE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca6805c330ecb1c6 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:167
        or os.getenv("ITERM_PROFILE_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc408b70620e5e49 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:171
    if os.getenv("TERM_SESSION_ID"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #edd967333dd8f520 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:174
    if os.getenv("KITTY_WINDOW_ID") or "kitty" in (os.getenv("TERM") or ""):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02d5ba245d03aac0 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:177
    if os.getenv("ALACRITTY_SOCKET") or os.getenv("TERM") == "alacritty":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4530f57c668560a4 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:180
    konsole_version = os.getenv("KONSOLE_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ba59de1cecf5986 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:185
    if os.getenv("GNOME_TERMINAL_SCREEN"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e02a4e53e425c045 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:188
    vte_version = os.getenv("VTE_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3ccfca955c67b9b Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:193
    if os.getenv("WT_SESSION"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d365609b3a367d8a Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:196
    term = os.getenv("TERM")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab0b81e671df8764 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:213
    originator = os.getenv("CHATGPT_ORIGINATOR") or DEFAULT_ORIGINATOR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8662d2165b460b03 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:218
    override = os.getenv("CHATGPT_USER_AGENT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a1ce63585151228 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:226
    suffix = os.getenv("CHATGPT_USER_AGENT_SUFFIX", "").strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9381bfebb7437e46 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:256
    return os.getenv("CHATGPT_DEFAULT_INSTRUCTIONS") or CHATGPT_DEFAULT_INSTRUCTIONS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #2d060a13c9e1a1a6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/codestral/completion/handler.py:62
    response = await client.post(api_base, headers=headers, data=data, stream=True)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #b66bc42c294e27b1 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/codestral/completion/handler.py:303
            response = litellm.module_level_client.post(
                completion_url,
                headers=headers,
                data=json.dumps(data),
                stream=stream,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #2487ad67310328a0 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/cohere/embed/handler.py:86
        response = await client.post(api_base, headers=headers, data=json.dumps(data))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #db4c584ed1823447 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/cohere/embed/handler.py:174
    response = client.post(embed_url, headers=headers, data=json.dumps(data))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #b09e8f713557a1ea Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/aiohttp_transport.py:353
            or str_to_bool(os.getenv("DISABLE_AIOHTTP_TRUST_ENV", "False"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9245769efbeb4e55 Filesystem access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/container_handler.py:45
    with open(config_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c511a1e2dcdfb2b6 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:121
    user_agent = os.environ.get("LITELLM_USER_AGENT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #582762cd43c16a42 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:251
        ssl_verify = os.getenv("SSL_VERIFY", litellm.ssl_verify)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75881b03ee96af72 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:266
        ssl_cert_file = os.getenv("SSL_CERT_FILE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a914b00e48d4225 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:308
    ssl_security_level = os.getenv("SSL_SECURITY_LEVEL", litellm.ssl_security_level)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e6e91da200881b7 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:309
    ssl_ecdh_curve = os.getenv("SSL_ECDH_CURVE", litellm.ssl_ecdh_curve)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb7785eac5712be6 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:315
        ssl_cert_file = os.getenv("SSL_CERT_FILE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14d7e6a569a01a6f Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:504
        cert = os.getenv("SSL_CERTIFICATE", litellm.ssl_certificate)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d90e77675495a6e6 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:890
            or str_to_bool(os.getenv("DISABLE_AIOHTTP_TRANSPORT", "False")) is True

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b13aaebf82fa1f0f Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:952
        if str_to_bool(os.getenv("AIOHTTP_TRUST_ENV", "False")) is True:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d2ce5a4c113262e Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:1042
        cert = os.getenv("SSL_CERTIFICATE", litellm.ssl_certificate)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3aa332b8348037f0 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/httpx_handler.py:19
    user_agent = os.environ.get("LITELLM_USER_AGENT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #20c574585f5ecc65 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/custom_httpx/httpx_handler.py:56
            response = await self.client.post(
                url, data=data, params=params, headers=headers  # type: ignore
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #5fc685dc8b9de190 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/chat/transformation.py:171
            or os.getenv("LITELLM_USER_AGENT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #388898cc9c7a8815 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/chat/transformation.py:172
            or os.getenv("DATABRICKS_USER_AGENT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #e12644efe7a0a4bd Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/databricks/common_utils.py:238
            response = requests.post(
                token_url,
                data={
                    "grant_type": "client_credentials",
                    "scope": "all-apis",
                },
                auth=(client_id, client_secret),
                headers={"Content-Type": "application/x-www-form-urlencoded"},
                timeout=30,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #bdc79ebe3aae3e87 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/common_utils.py:340
        client_id = os.getenv("DATABRICKS_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67f798b76b9ccca6 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/common_utils.py:341
        client_secret = os.getenv("DATABRICKS_CLIENT_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45dc7ea14a651b7e Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/common_utils.py:345
            api_base = os.getenv("DATABRICKS_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc2a9364c97ebff6 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/embed/handler.py:36
            or os.getenv("LITELLM_USER_AGENT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22c28716bfc77ee8 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/embed/handler.py:37
            or os.getenv("DATABRICKS_USER_AGENT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ee2e707ddc008ba Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/responses/transformation.py:48
        api_key = litellm_params.api_key or os.getenv("DATABRICKS_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #750d35fec42be394 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/responses/transformation.py:49
        api_base = litellm_params.api_base or os.getenv("DATABRICKS_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd9ab25e632265ad Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/responses/transformation.py:71
        api_base = api_base or os.getenv("DATABRICKS_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #8e1bf4b986d90af6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/deprecated_providers/aleph_alpha.py:240
    response = litellm.module_level_client.post(
        completion_url,
        headers=headers,
        data=json.dumps(data),
        stream=optional_params["stream"] if "stream" in optional_params else False,
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #99250a78aa404b8f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/gigachat/authenticator.py:176
        response = client.post(auth_url, headers=headers, data=data, timeout=30)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #028b00aaa3e8c4ca Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/gigachat/authenticator.py:211
        response = await client.post(auth_url, headers=headers, data=data, timeout=30)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f1f558824dd08c6a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/gigachat/file_handler.py:124
        response = client.post(
            upload_url,
            headers={"Authorization": f"Bearer {access_token}"},
            files={"file": (filename, content_bytes, content_type)},
            data={"purpose": "general"},
            timeout=60,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #aa804675a83f14d0 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/gigachat/file_handler.py:192
        response = await client.post(
            upload_url,
            headers={"Authorization": f"Bearer {access_token}"},
            files={"file": (filename, content_bytes, content_type)},
            data={"purpose": "general"},
            timeout=60,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #3ab1215b985a3783 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:31
        self.token_dir = os.getenv(
            "GITHUB_COPILOT_TOKEN_DIR",
            os.path.expanduser("~/.config/litellm/github_copilot"),
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #369e4ea8bc1d46ef Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:37
            os.getenv("GITHUB_COPILOT_ACCESS_TOKEN_FILE", "access-token"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1328b29a3693c553 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:40
            self.token_dir, os.getenv("GITHUB_COPILOT_API_KEY_FILE", "api-key.json")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee451bb2ec466be5 Filesystem access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:55
            with open(self.access_token_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f4dd57c5edef026 Filesystem access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:69
                    with open(self.access_token_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #100b4704d9373406 Filesystem access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:94
            with open(self.api_key_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8cab6e30c596fc3 Filesystem access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:113
            with open(self.api_key_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bab92e9a9f5f9a5e Filesystem access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:143
            with open(self.api_key_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d51084aea7349590 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:164
        api_key_url = os.getenv(
            "GITHUB_COPILOT_API_KEY_URL", DEFAULT_GITHUB_API_KEY_URL
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce2298448e5f3f15 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:238
            device_code_url = os.getenv(
                "GITHUB_COPILOT_DEVICE_CODE_URL", DEFAULT_GITHUB_DEVICE_CODE_URL
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0675117c0f52c5d3 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:241
            client_id = os.getenv("GITHUB_COPILOT_CLIENT_ID", DEFAULT_GITHUB_CLIENT_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #e53c063058365e84 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:242
            resp = sync_client.post(
                device_code_url,
                headers=self._get_github_headers(),
                json={"client_id": client_id, "scope": "read:user"},
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #7719ace39dd2c54b Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:294
        access_token_url = os.getenv(
            "GITHUB_COPILOT_ACCESS_TOKEN_URL", DEFAULT_GITHUB_ACCESS_TOKEN_URL
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb35222f8a42bc11 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:297
        client_id = os.getenv("GITHUB_COPILOT_CLIENT_ID", DEFAULT_GITHUB_CLIENT_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #2ecd7c9b95517935 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:301
                resp = sync_client.post(
                    access_token_url,
                    headers=self._get_github_headers(),
                    json={
                        "client_id": client_id,
                        "device_code": device_code,
                        "grant_type": "urn:ietf:params:oauth:grant-type:device_code",
                    },
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #9ab778577ac0f804 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/chat/transformation.py:37
            or os.getenv("GITHUB_COPILOT_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c26287f125d2597 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/embedding/transformation.py:108
            or os.getenv("GITHUB_COPILOT_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8aa05121ada6af38 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/responses/transformation.py:168
            or os.getenv("GITHUB_COPILOT_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6bd3cf4953b42eb3 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/heroku/chat/transformation.py:56
        api_base = api_base or os.getenv("HEROKU_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ad660854be000b4 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/heroku/chat/transformation.py:57
        api_key = api_key or os.getenv("HEROKU_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33b00f7948f50ad5 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/chat/transformation.py:82
            base_url = os.getenv("HF_API_BASE") or os.getenv("HUGGINGFACE_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dac627a60f2020b1 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/chat/transformation.py:102
        elif os.getenv("HF_API_BASE") or os.getenv("HUGGINGFACE_API_BASE"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ebc812699bcdec9c Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/chat/transformation.py:103
            complete_url = str(os.getenv("HF_API_BASE")) or str(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f17dfcecf4f2e34a Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/chat/transformation.py:104
                os.getenv("HUGGINGFACE_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7bebebed132bbc00 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/common_utils.py:76
    if os.getenv("HUGGINGFACE_API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f9216fd8b8e0999 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/common_utils.py:77
        headers["Authorization"] = f"Bearer {os.getenv('HUGGINGFACE_API_KEY')}"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #a6dca5b6eed712bf Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/handler.py:296
        response = await client.post(api_base, headers=headers, data=json.dumps(data))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #c930491138d98c27 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/handler.py:355
        elif "HF_API_BASE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f35f75e0bf874867 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/handler.py:356
            embed_url = os.getenv("HF_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25d3debcdbbbc7e1 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/handler.py:357
        elif "HUGGINGFACE_API_BASE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d94b6bb83a85e22 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/handler.py:358
            embed_url = os.getenv("HUGGINGFACE_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #74c839e9f7c72c04 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/handler.py:403
        response = client.post(embed_url, headers=headers, data=json.dumps(data))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #78ee72459d477b88 Filesystem access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/transformation.py:164
            with open(file_path, "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf7935e8a26eef8a Filesystem access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/transformation.py:178
            with open(file_path, "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1730f2feff541e07 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/transformation.py:343
        elif "HF_API_BASE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d1838f1fd0a99bb Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/transformation.py:344
            completion_url = os.getenv("HF_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #faf9bfd610a0888d Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/transformation.py:345
        elif "HUGGINGFACE_API_BASE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca28cefad45c01f3 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/transformation.py:346
            completion_url = os.getenv("HUGGINGFACE_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f075b918a1a7d3c1 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/rerank/transformation.py:56
        elif os.getenv("HF_API_BASE") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fced0f344a374866 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/rerank/transformation.py:57
            return os.getenv("HF_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec1e5b135e790c9c Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/rerank/transformation.py:58
        elif os.getenv("HUGGINGFACE_API_BASE") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #347dfa72af613059 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/rerank/transformation.py:59
            return os.getenv("HUGGINGFACE_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #d4213f3cd4503af0 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/langgraph/chat/transformation.py:301
        response = client.post(
            api_base,
            headers=headers,
            data=json.dumps(data),
            stream=True,
            logging_obj=logging_obj,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #c235096ca529f802 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/langgraph/chat/transformation.py:366
        response = await client.post(
            api_base,
            headers=headers,
            data=json.dumps(data),
            stream=True,
            logging_obj=logging_obj,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #6af03fa85f3e7033 Filesystem access.
pkgs/python/[email protected]/litellm/llms/litellm_proxy/skills/sandbox_executor.py:107
                        with open(local_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e4f3d0a5d408806 Filesystem access.
pkgs/python/[email protected]/litellm/llms/litellm_proxy/skills/sandbox_executor.py:277
                        with open(tmp_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #24a407e00e319ce8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/nlp_cloud/chat/handler.py:77
    response = client.post(
        completion_url,
        headers=headers,
        data=json.dumps(data),
        stream=optional_params["stream"] if "stream" in optional_params else False,
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #c582e2d8d8e48c99 Filesystem access.
pkgs/python/[email protected]/litellm/llms/oci/chat/transformation.py:161
        with open(file_path, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #88b5014d3a3b7310 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/oci/chat/transformation.py:1100
            response = client.post(
                api_base,
                headers=headers,
                data=json.dumps(data),
                stream=True,
                logging_obj=logging_obj,
                timeout=STREAMING_TIMEOUT,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #90f8e26caa0f32c9 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/oci/chat/transformation.py:1145
            response = await client.post(
                api_base,
                headers=headers,
                data=json.dumps(data),
                stream=True,
                logging_obj=logging_obj,
                timeout=STREAMING_TIMEOUT,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #c000b17e7e02653a Environment-variable access.
pkgs/python/[email protected]/litellm/llms/ollama/common_utils.py:68
            os.environ.get("OLLAMA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b20c4274435daf78 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/ollama/completion/transformation.py:220
            os.environ.get("OLLAMA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #c20eacbd167247e0 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/oobabooga/chat/oobabooga.py:65
    response = client.post(
        completion_url,
        headers=headers,
        data=json.dumps(data),
        stream=optional_params["stream"] if "stream" in optional_params else False,
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #0b1e1885bb88d8e0 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/oobabooga/chat/oobabooga.py:129
    response = litellm.module_level_client.post(
        embeddings_url, headers=headers, json=data
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #9a598cf5f3ca78c3 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/openai/common_utils.py:273
        or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca042bd132811513 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/openai/common_utils.py:274
        or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #221b5fb8f045ee77 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/openai/common_utils.py:280
        or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fbcc5e02d283e57b Environment-variable access.
pkgs/python/[email protected]/litellm/llms/openai/common_utils.py:284
        api_key or litellm.api_key or litellm.openai_key or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #218a0b911b90915c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/openai/responses/count_tokens/handler.py:73
            response = await async_client.post(
                endpoint_url,
                headers=headers,
                json=request_body,
                timeout=request_timeout,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #3fe84ecd8c7c7ee7 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/openai/responses/count_tokens/token_counter.py:54
            api_key = os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #dc6c9a62cca36dd5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/openai_like/chat/handler.py:40
    response = await client.post(
        api_base, headers=headers, data=data, stream=not fake_stream
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #7f06b1316874aded Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/openai_like/chat/handler.py:81
    response = client.post(
        api_base, headers=headers, data=data, stream=not fake_stream, timeout=timeout
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #0657fa8d5f226ecf Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/openai_like/chat/handler.py:187
            response = await client.post(
                api_base, headers=headers, data=json.dumps(data), timeout=timeout
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #9f937dee81ee9404 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/openai_like/embedding/handler.py:47
                response = await async_client.post(
                    api_base,
                    headers=headers,
                    data=json.dumps(data),
                )  # type: ignore

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #985fa28113a981b1 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/openai_like/embedding/handler.py:129
            response = self.client.post(
                api_base,
                headers=headers,
                data=json.dumps(data),
            )  # type: ignore

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #257ffdc54c1c16a3 Filesystem access.
pkgs/python/[email protected]/litellm/llms/openai_like/json_loader.py:47
            with open(json_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #b784810e30bb3b75 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/petals/completion/handler.py:69
        response = client.post(api_base, data=data)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #69d9752ecc050d4f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/predibase/chat/handler.py:30
    response = await client.post(
        api_base, headers=headers, data=data, stream=True, timeout=timeout
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #646c86a60bde5279 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/predibase/chat/handler.py:158
            response = litellm.module_level_client.post(
                completion_url,
                headers=headers,
                data=json.dumps(data),
                stream=stream,
                timeout=timeout,  # type: ignore
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #a74a16222e3a304e Environment-variable access.
pkgs/python/[email protected]/litellm/llms/predibase/chat/transformation.py:346
        elif "PREDIBASE_API_BASE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd1c5a97b1b85ca5 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/predibase/chat/transformation.py:347
            base_url = os.getenv("PREDIBASE_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #8870c524e9302f84 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/sagemaker/chat/transformation.py:138
            response = client.post(
                api_base,
                headers=headers,
                data=signed_json_body if signed_json_body is not None else data,
                stream=True,
                logging_obj=logging_obj,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #ef49ba09b9738e86 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/sagemaker/chat/transformation.py:190
            response = await client.post(
                api_base,
                headers=headers,
                data=signed_json_body if signed_json_body is not None else data,
                stream=True,
                logging_obj=logging_obj,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #fbce2f5e4ffff201 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/sagemaker/completion/handler.py:370
            response = await client.post(
                api_base,
                headers=headers,
                data=data,
                stream=True,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #a611349e0ebd2164 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/sap/credentials.py:30
    return os.getenv(HOME_PATH_ENV_VAR, DEFAULT_HOME_PATH)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4aec13f55404af7 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/sap/credentials.py:57
    raw = os.environ.get(var_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #53bb6a42421ccfed Environment-variable access.
pkgs/python/[email protected]/litellm/llms/sap/credentials.py:141
    profile = profile or os.environ.get(PROFILE_ENV_VAR)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #406af2970f3fa9e5 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/sap/credentials.py:142
    cfg_env = os.getenv(CONFIG_FILE_ENV_VAR)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f101d4203293bc1 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/sap/credentials.py:279
        service_key or litellm.sap_service_key or os.environ.get(SERVICE_KEY_ENV_VAR)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e1be20664e09704 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/sap/credentials.py:291
            lambda cv: _str_or_none(os.environ.get(f"AICORE_{cv.name.upper()}")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4d2d45abba1c18e Filesystem access.
pkgs/python/[email protected]/litellm/llms/sap/credentials.py:480
                with open(cert_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e62b105f091b729 Filesystem access.
pkgs/python/[email protected]/litellm/llms/sap/credentials.py:482
                with open(key_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #e86729750d315e26 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/together_ai/rerank/handler.py:51
        response = client.post(
            "https://api.together.xyz/v1/rerank",
            headers={
                "accept": "application/json",
                "content-type": "application/json",
                "authorization": f"Bearer {api_key}",
            },
            json=request_data_dict,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #d7e1b413edb1b96e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/together_ai/rerank/handler.py:77
        response = await client.post(
            "https://api.together.xyz/v1/rerank",
            headers={
                "accept": "application/json",
                "content-type": "application/json",
                "authorization": f"Bearer {api_key}",
            },
            json=request_data_dict,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #d8a54f95adebf13c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/vertex_ai/agent_engine/transformation.py:395
        response = client.post(
            api_base,
            headers=headers,
            data=json.dumps(data),
            stream=True,
            logging_obj=logging_obj,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #44c404242b876308 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/vertex_ai/agent_engine/transformation.py:459
        response = await client.post(
            api_base,
            headers=headers,
            data=json.dumps(data),
            stream=True,
            logging_obj=logging_obj,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #42a049f1ff64e5db Filesystem access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/files/transformation.py:236
            with open(str(file_content), "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e01b3bb636e00d0 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/files/transformation.py:297
        bucket_name = litellm_params.get("bucket_name") or os.getenv("GCS_BUCKET_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df5718ddcd49db93 Filesystem access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/files/transformation.py:899
            with open(str(file_content), "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #b78054969f13aa38 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/vertex_ai/gemini/vertex_and_google_ai_studio_gemini.py:2728
        response = await client.post(
            api_base, headers=headers, data=data, stream=True, logging_obj=logging_obj
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #c6d3ee873f84273d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/vertex_ai/gemini/vertex_and_google_ai_studio_gemini.py:2778
    response = client.post(
        api_base, headers=headers, data=data, stream=True, logging_obj=logging_obj
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #080b156ec1c0cd24 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/vertex_ai/gemini/vertex_and_google_ai_studio_gemini.py:3002
            response = await client.post(
                api_base,
                headers=headers,
                json=cast(dict, request_body),
                logging_obj=logging_obj,
            )  # type: ignore

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #a0076e5605df7f28 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_gemini_transformation.py:69
            or os.environ.get("VERTEXAI_PROJECT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #331ea3617dcecb79 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_gemini_transformation.py:77
            or os.environ.get("VERTEXAI_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01dbdc1f5191e634 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_gemini_transformation.py:78
            or os.environ.get("VERTEX_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60bb50072a2700e0 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_gemini_transformation.py:87
            or os.environ.get("VERTEXAI_CREDENTIALS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b79adccbb79ccc2f Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_gemini_transformation.py:89
            or os.environ.get("GOOGLE_APPLICATION_CREDENTIALS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50d60bb927a1043a Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_imagen_transformation.py:77
            or os.environ.get("VERTEXAI_PROJECT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1778c714fd9beea Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_imagen_transformation.py:85
            or os.environ.get("VERTEXAI_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57a044d77f26f644 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_imagen_transformation.py:86
            or os.environ.get("VERTEX_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9e0dfc843cd5042 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_imagen_transformation.py:95
            or os.environ.get("VERTEXAI_CREDENTIALS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #213a68449a6fcf80 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_imagen_transformation.py:97
            or os.environ.get("GOOGLE_APPLICATION_CREDENTIALS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f2b6ada655eb3d99 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_gemini_transformation.py:101
            or os.environ.get("VERTEXAI_PROJECT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ac8a33995a034c2 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_gemini_transformation.py:109
            or os.environ.get("VERTEXAI_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29de0ee1a99ac982 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_gemini_transformation.py:110
            or os.environ.get("VERTEX_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42b0bda9ed7159d7 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_gemini_transformation.py:119
            or os.environ.get("VERTEXAI_CREDENTIALS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc4b41757d06d26a Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_gemini_transformation.py:121
            or os.environ.get("GOOGLE_APPLICATION_CREDENTIALS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d85cfd6159a80cd Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_imagen_transformation.py:90
            or os.environ.get("VERTEXAI_PROJECT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #494aca460b3e2bb5 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_imagen_transformation.py:98
            or os.environ.get("VERTEXAI_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a7973b81986c6674 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_imagen_transformation.py:99
            or os.environ.get("VERTEX_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47929e3e129e9207 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_imagen_transformation.py:108
            or os.environ.get("VERTEXAI_CREDENTIALS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9515d3d6558401f8 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_imagen_transformation.py:110
            or os.environ.get("GOOGLE_APPLICATION_CREDENTIALS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #be0fa0ff3e9ac412 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/vertex_ai/multimodal_embeddings/embedding_handler.py:171
            response = await client.post(api_base, headers=headers, json=data)  # type: ignore

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #bd07f8a6c853be41 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/rag_engine/ingestion.py:93
        self.gcs_bucket = self.vector_store_config.get("gcs_bucket") or os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34a3d5cb3fc14953 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/rag_engine/ingestion.py:93
        self.gcs_bucket = self.vector_store_config.get("gcs_bucket") or os.environ.get(
            "GCS_BUCKET_NAME"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7421df87951ef090 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/rag_engine/ingestion.py:135
        original_bucket = os.environ.get("GCS_BUCKET_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #239a1372e38b528d Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/rag_engine/ingestion.py:137
            os.environ["GCS_BUCKET_NAME"] = self.gcs_bucket

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #026be69890438080 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/rag_engine/ingestion.py:166
                os.environ["GCS_BUCKET_NAME"] = original_bucket

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a89d3b538d13b80 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/rag_engine/ingestion.py:167
            elif "GCS_BUCKET_NAME" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6673abe4c4c28492 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/rag_engine/ingestion.py:168
                del os.environ["GCS_BUCKET_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a51b092d5961dfe1 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/vertex_ai_non_gemini.py:157
                f"VERTEX AI: creds={creds}; google application credentials: {os.getenv('GOOGLE_APPLICATION_CREDENTIALS')}"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #5d363b1f7b8a524c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/vertex_ai/vertex_ai_partner_models/count_tokens/handler.py:178
        response = await async_client.post(
            endpoint_url,
            headers=headers,
            json=request_data,
            timeout=30.0,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #025b33e98db4e5b0 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/vertex_ai/vertex_embeddings/embedding_handler.py:225
            response = await client.post(api_base, headers=headers, json=vertex_request)  # type: ignore

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #a8c5bc17a430bac9 Filesystem access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/vertex_llm_base.py:95
                        with open(credentials) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e85df52cb8f4f3e8 Environment-variable access.
pkgs/python/[email protected]/litellm/main.py:2806
                or os.environ.get("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #36cf2597b229a9d4 Environment-variable access.
pkgs/python/[email protected]/litellm/main.py:2852
                or os.environ.get("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f40544e25988c126 Environment-variable access.
pkgs/python/[email protected]/litellm/main.py:3115
                or os.environ.get("HF_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4339aebff69e799b Environment-variable access.
pkgs/python/[email protected]/litellm/main.py:3116
                or os.environ.get("HUGGINGFACE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db5d60c9b6a6c5b6 Environment-variable access.
pkgs/python/[email protected]/litellm/main.py:3210
                or os.getenv("DATABRICKS_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b450d9695d0b88c Environment-variable access.
pkgs/python/[email protected]/litellm/main.py:4018
                or os.environ.get("OLLAMA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #062813e334b3a4e3 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/main.py:4296
            resp = litellm.module_level_client.post(
                url,
                headers=headers,
                json={
                    "model": model,
                    "params": {
                        "prompt": [prompt],
                        "max_tokens": max_tokens,
                        "temperature": temperature,
                        "top_p": top_p,
                        "top_k": kwargs.get("top_k"),
                    },
                    **kwargs.get("extra_body", {}),
                },
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #120d2dbde9d20201 Filesystem access.
pkgs/python/[email protected]/litellm/ocr/main.py:420
        with open(file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #e98dcac1b18a4f31 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/_experimental/mcp_server/db.py:812
        response = await async_client.post(
            token_url,
            headers={"Accept": "application/json"},
            data=token_data,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #26a10e03d1291bdf Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/_experimental/mcp_server/discoverable_endpoints.py:438
    response = await async_client.post(
        mcp_server.token_url,
        headers={"Accept": "application/json"},
        data=token_data,
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #d6c0fe2212c502df Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/_experimental/mcp_server/discoverable_endpoints.py:543
    response = await async_client.post(
        mcp_server.registration_url,
        headers=headers,
        json=register_data,
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #528c6bc921248ae7 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/_experimental/mcp_server/oauth2_token_cache.py:108
            response = await client.post(server.token_url, data=data)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #f67688fdbf3be943 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/_experimental/mcp_server/openapi_to_mcp_generator.py:94
    with open(filepath, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #a9ececd5b49ed4ed Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/_experimental/mcp_server/openapi_to_mcp_generator.py:416
            response = await client.post(
                url, params=params, json=json_body, headers=effective_headers
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #59f826004d678f02 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/_experimental/mcp_server/openapi_to_mcp_generator.py:420
            response = await client.put(
                url, params=params, json=json_body, headers=effective_headers
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #8af304e9bc4db4ed Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/_experimental/mcp_server/utils.py:15
MCP_TOOL_PREFIX_SEPARATOR = os.environ.get("MCP_TOOL_PREFIX_SEPARATOR", "-")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64a65f00c1650bb3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/_experimental/mcp_server/utils.py:65
    raw = os.environ.get("LITELLM_USE_SHORT_MCP_TOOL_PREFIX", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db757040499daec5 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/_lazy_openapi_snapshot.py:139
    SNAPSHOT_FILE.write_text(json.dumps(fragments, indent=2, sort_keys=True) + "\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1cb7727c46e887c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/_logging.py:11
log_level = os.getenv("LITELLM_LOG", "INFO")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94dd0ba793a0357f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/agent_endpoints/endpoints.py:81
    os.environ.get("LITELLM_AGENT_HEALTH_CHECK_TIMEOUT", "5.0")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76f5312e467caa82 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/agent_endpoints/endpoints.py:84
    os.environ.get("LITELLM_AGENT_HEALTH_CHECK_GATHER_TIMEOUT", "30.0")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16787791cc883205 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/auth_utils.py:936
    microsoft_client_id = os.getenv("MICROSOFT_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca5fc8ad987eb003 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/auth_utils.py:937
    google_client_id = os.getenv("GOOGLE_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3049f6ad6ca7070d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/auth_utils.py:938
    generic_client_id = os.getenv("GENERIC_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #864cf1cccd912afc Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/handle_jwt.py:563
        keys_url = os.getenv("JWT_PUBLIC_KEY_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c448c617b3bf3ea1 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/handle_jwt.py:722
        audience = os.getenv("JWT_AUDIENCE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db9686da65fb04fc Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/handle_jwt.py:723
        issuer = os.getenv("JWT_ISSUER")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68c26454c9ae5d24 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/litellm_license.py:28
        self.license_str = os.getenv("LITELLM_LICENSE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78d72373fd2ed362 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/auth/litellm_license.py:46
                with open(_path_to_public_key, "rb") as key_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10dd267eb23e3af9 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/litellm_license.py:111
                self.license_str = os.getenv("LITELLM_LICENSE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4eff4d587ea6a2d8 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/login_utils.py:67
    ui_username = os.getenv("UI_USERNAME", "admin")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6bb4e61e43a3fb36 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/login_utils.py:68
    ui_password = os.getenv("UI_PASSWORD", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c78fdefee5c2c5e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/login_utils.py:174
            os.getenv("PROXY_ADMIN_ID", None) is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71ce6d8547f39bf1 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/login_utils.py:175
            and os.environ["PROXY_ADMIN_ID"] == user_id

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6149b1c925648de4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/login_utils.py:178
            key_user_id = os.getenv("PROXY_ADMIN_ID", LITELLM_PROXY_ADMIN_NAME)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14c740b6ce74a01d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/login_utils.py:193
        if os.getenv("DATABASE_URL") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #018acf786dbd1a54 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/login_utils.py:276
            if os.getenv("DATABASE_URL") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c4dc972ea4dbff5 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:144
        token_info_endpoint = os.getenv("OAUTH_TOKEN_INFO_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51061302be35bcf1 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:145
        user_id_field_name = os.environ.get("OAUTH_USER_ID_FIELD_NAME", "sub")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8979ff99e4242a11 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:146
        user_role_field_name = os.environ.get("OAUTH_USER_ROLE_FIELD_NAME", "role")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92b7f132b19fe2bd Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:147
        user_team_id_field_name = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17c400d7ad69d731 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:147
        user_team_id_field_name = os.environ.get(
            "OAUTH_USER_TEAM_ID_FIELD_NAME", "team_id"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19cc4ebcaaf4ada2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:152
        oauth_client_id = os.environ.get("OAUTH_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50d10f327f666689 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:153
        oauth_client_secret = os.environ.get("OAUTH_CLIENT_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #5785a5ff7868895a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:180
                response = await client.post(
                    token_info_endpoint, headers=headers, data=data
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #0372fb1987926f35 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:80
            oidc_token = open(aws_web_identity_token).read()  # check if filepath

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #740d7b6747874cb4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:169
            aws_region_name=os.getenv("AWS_REGION_NAME"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #050976bd9de825dd Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:170
            aws_access_key_id=os.getenv("AWS_ACCESS_KEY_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab15618db84e08ad Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:171
            aws_secret_access_key=os.getenv("AWS_SECRET_ACCESS_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41e912fb57d4b0a5 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:172
            aws_session_name=os.getenv("AWS_SESSION_NAME"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eba6b44ba1d2a0c7 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:173
            aws_profile_name=os.getenv("AWS_PROFILE_NAME"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #662b8e0659e50790 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:174
            aws_role_name=os.getenv("AWS_ROLE_NAME", os.getenv("AWS_ROLE_ARN")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d312ce8c52808292 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:175
            aws_web_identity_token=os.getenv(
                "AWS_WEB_IDENTITY_TOKEN", os.getenv("AWS_WEB_IDENTITY_TOKEN_FILE")
            ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd2c3c7a771c266f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:176
                "AWS_WEB_IDENTITY_TOKEN", os.getenv("AWS_WEB_IDENTITY_TOKEN_FILE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #bfe35fd086e70b90 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/client/chat.py:163
            response = session.post(
                url, headers=self._get_headers(), json=data, stream=True
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #867ee98e37109126 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/client/cli/commands/auth.py:30
    with open(token_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d345cf33b19289b9 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/client/cli/commands/auth.py:43
        with open(token_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #f69ff8380c3b63ee Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/client/cli/commands/auth.py:359
    response = requests.post(f"{base_url}/sso/cli/start", timeout=10)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #61b2b01f7fd24c53 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/client/cli/commands/chat.py:287
        with open(filename, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b4bdfab864abed3f Filesystem access.
pkgs/python/[email protected]/litellm/proxy/client/cli/commands/chat.py:308
        with open(filename, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bbb5f66046821bef Filesystem access.
pkgs/python/[email protected]/litellm/proxy/client/cli/commands/models.py:395
    with open(yaml_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #39c07a110d66ee1b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/client/health.py:32
        return self._http.request("GET", "/health/readiness")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #4ca24c7c0459e725 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/client/users.py:55
        response = requests.post(url, headers=self._get_headers(), json=user_data)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #290d1cb9918b5cb4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/client/users.py:64
        response = requests.post(
            url, headers=self._get_headers(), json={"user_ids": user_ids}
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #2be347eced167211 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/common_utils/debug_utils.py:91
if os.environ.get("LITELLM_PROFILE", "false").lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ed3785473d720e9 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/common_utils/debug_utils.py:816
            litellm_log_setting = os.environ.get("LITELLM_LOG", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17e8047dd9151120 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/common_utils/encrypt_decrypt_utils.py:11
    salt_key = os.getenv("LITELLM_SALT_KEY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4bec2cc6eeef123a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/common_utils/html_forms/ui_login.py:5
url_to_redirect_to = os.getenv("PROXY_BASE_URL", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33203956d95cf50f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/common_utils/html_forms/ui_login.py:6
server_root_path = os.getenv("SERVER_ROOT_PATH", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5525282ee1ff5b72 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/common_utils/load_config_utils.py:112
        with open(local_file_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #27a08ab8cb484727 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/common_utils/load_config_utils.py:161
        with open(local_file_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f68364e3c55b6427 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/common_utils/static_asset_utils.py:38
        with open(resolved, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12a03d9c9bd573c1 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/container_endpoints/handler_factory.py:31
    with open(config_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bcf4d5ab312358bf Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/check_migration.py:95
        db_url = os.getenv("DATABASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c637b372ef8dc5aa Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/db_spend_update_writer.py:722
        spend_logs_url: Optional[str] = os.getenv("SPEND_LOGS_URL"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a3d8396fd05d1eb Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/dynamo_db.py:69
        os.environ["AWS_ACCESS_KEY_ID"] = aws_access_key_id

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb1c687ebb4f2817 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/dynamo_db.py:70
        os.environ["AWS_SECRET_ACCESS_KEY"] = aws_secret_access_key

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c049bc4232007f7 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/dynamo_db.py:71
        os.environ["AWS_SESSION_TOKEN"] = aws_session_token

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f58d3804f401f77 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:160
        db_url = os.getenv("DATABASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86f613491cc15e6b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:206
            db_host = os.getenv("DATABASE_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24c93101354d2a91 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:207
            db_port = os.getenv("DATABASE_PORT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a60004c470f2f75 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:208
            db_user = os.getenv("DATABASE_USER")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1107c6c70e5a13f1 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:209
            db_name = os.getenv("DATABASE_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c53556b70563e797 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:210
            db_schema = os.getenv("DATABASE_SCHEMA")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #acfd9e1816c35475 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:220
            os.environ["DATABASE_URL"] = _db_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea2152a970bd936c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:366
            db_url = os.getenv("DATABASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dfdbad2d04ed6341 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:504
        disable_updates = os.getenv("DISABLE_SCHEMA_UPDATE", "false")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a8fed486313fc97 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/discovery_endpoints/ui_discovery_endpoints.py:24
        os.getenv("AUTO_REDIRECT_UI_LOGIN_TO_SSO", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1be04fc5aebff6bb Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/discovery_endpoints/ui_discovery_endpoints.py:27
    admin_ui_disabled = os.getenv("DISABLE_ADMIN_UI", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #649f9bc6740b7fe2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/example_config_yaml/custom_auth.py:10
        modified_master_key = f"{os.getenv('LITELLM_MASTER_KEY')}-1234"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6850705b4c1fe692 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_endpoints.py:1434
        with open(category_file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e92885b8291de85 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_endpoints.py:1471
        with open(airlines_path, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ddd5274a066cf945 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/aim/aim.py:56
        self.api_key = api_key or os.environ.get("AIM_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c9675e974dc238f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/aim/aim.py:64
            api_base or os.environ.get("AIM_API_BASE") or "https://api.aim.security"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bfd4693f8166579c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/akto/akto.py:81
            akto_base_url or os.environ.get("AKTO_GUARDRAIL_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d44de49289e8f02 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/akto/akto.py:88
        self.akto_api_key = akto_api_key or os.environ.get("AKTO_API_KEY", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b62fbc470004688d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/akto/akto.py:98
        self.akto_account_id = akto_account_id or os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ac5c333448b636d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/akto/akto.py:98
        self.akto_account_id = akto_account_id or os.environ.get(
            "AKTO_ACCOUNT_ID", "1000000"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e89994ede533e426 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/akto/akto.py:101
        self.akto_vxlan_id = akto_vxlan_id or os.environ.get("AKTO_VXLAN_ID", "0")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ef9a5f7596845f3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/aporia_ai/aporia_ai.py:48
        self.aporia_api_key = api_key or os.environ["APORIO_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0714b1d918aeed64 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/aporia_ai/aporia_ai.py:49
        self.aporia_api_base = api_base or os.environ["APORIO_API_BASE"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87010ad8399fbffa Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/crowdstrike_aidr/crowdstrike_aidr.py:58
        self.api_key = api_key or os.environ.get("CS_AIDR_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a14dd54bb1950e64 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/crowdstrike_aidr/crowdstrike_aidr.py:64
        self.api_base = api_base or os.environ.get("CS_AIDR_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd5daf2930111fd8 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/dynamoai/dynamoai.py:56
        self.api_key = api_key or os.getenv("DYNAMOAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1472143b861a8114 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/dynamoai/dynamoai.py:62
        self.api_base = api_base or os.getenv(
            "DYNAMOAI_API_BASE", "https://api.dynamo.ai"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d6c858edb361106d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/dynamoai/dynamoai.py:68
        self.model_id = model_id or os.getenv("DYNAMOAI_MODEL_ID", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0907551cd26cbd0d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/dynamoai/dynamoai.py:71
        env_policy_ids = os.getenv("DYNAMOAI_POLICY_IDS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c08e0519ea474c2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/enkryptai/enkryptai.py:67
        self.api_key = api_key or os.getenv("ENKRYPTAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed72a68b7c3c17d0 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/enkryptai/enkryptai.py:73
        self.api_base = api_base or os.getenv(
            "ENKRYPTAI_API_BASE", "https://api.enkryptai.com"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29f37a65b6d9b61c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/generic_guardrail_api/generic_guardrail_api.py:203
        base_url = api_base or os.environ.get("GENERIC_GUARDRAIL_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42b8d5626f27aba4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/grayswan/grayswan.py:84
        api_key_value = api_key or os.getenv("GRAYSWAN_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8035aaf6b1bb777b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/grayswan/grayswan.py:91
        base = api_base or os.getenv("GRAYSWAN_API_BASE") or self.BASE_API_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba70421b62e72b45 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/grayswan/grayswan.py:639
        env_val = os.getenv("GRAYSWAN_VIOLATION_THRESHOLD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd82abb87f658b27 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/grayswan/grayswan.py:650
        env_val = os.getenv("GRAYSWAN_REASONING_MODE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #037bafb8e95ae10c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/guardrails_ai/guardrails_ai.py:74
            api_base or os.getenv("GUARDRAILS_AI_API_BASE") or "http://0.0.0.0:8000"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #e00aaf6e7c3b79fa Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/hiddenlayer/hiddenlayer.py:48
    resp = requests.post(token_url, auth=HTTPBasicAuth(api_id, api_key))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #946a31007c63f9a9 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/hiddenlayer/hiddenlayer.py:74
        self.hiddenlayer_client_id = api_id or os.getenv("HIDDENLAYER_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4a1063bec188139 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/hiddenlayer/hiddenlayer.py:75
        self.hiddenlayer_client_secret = api_key or os.getenv(
            "HIDDENLAYER_CLIENT_SECRET"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e74f848663919d0 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/hiddenlayer/hiddenlayer.py:80
            or os.getenv("HIDDENLAYER_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f2ac1d13d8a4176 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/hiddenlayer/hiddenlayer.py:87
            or os.getenv("HIDDENLAYER_AUTH_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #c0ecb03d60fa5ca6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/hiddenlayer/hiddenlayer.py:253
            response = await self._http_client.post(
                f"{self.api_base}/detection/v1/interactions",
                json=data,
                headers=headers,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #83404370fbbc7155 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/hiddenlayer/hiddenlayer.py:274
                response = await self._http_client.post(
                    f"{self.api_base}/detection/v1/interactions",
                    json=data,
                    headers=headers,
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #cc346719f773a416 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/hiddenlayer/hiddenlayer.py:308
        self.hiddenlayer_client_id = api_id or os.getenv("HIDDENLAYER_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #550bc14b263cdb74 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/hiddenlayer/hiddenlayer.py:309
        self.hiddenlayer_client_secret = api_key or os.getenv(
            "HIDDENLAYER_CLIENT_SECRET"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9286117f99d54a5 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/hiddenlayer/hiddenlayer.py:314
            or os.getenv("HIDDENLAYER_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f268d345a547ea37 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/hiddenlayer/hiddenlayer.py:321
            or os.getenv("HIDDENLAYER_AUTH_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #2a9e7d64ff97a96e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/hiddenlayer/hiddenlayer.py:479
            response = await self._http_client.post(
                f"{self.api_base}/{path}",
                json=payload,
                headers=headers,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #113b330a3b7d21c5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/hiddenlayer/hiddenlayer.py:499
                response = await self._http_client.post(
                    f"{self.api_base}/{path}",
                    json=payload,
                    headers=headers,
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #bdc03b1c0da103f4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/ibm_guardrails/ibm_detector.py:55
        self.auth_token = auth_token or os.getenv("IBM_GUARDRAILS_AUTH_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #966d137ffcc1e82d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/lakera_ai.py:62
        self.lakera_api_key = api_key or os.environ.get("LAKERA_API_KEY") or ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a7e38de5b53b8431 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/lakera_ai_v2.py:65
        self.lakera_api_key = api_key or os.environ.get("LAKERA_API_KEY") or ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #53f651e2569fc187 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/lasso/lasso.py:108
        self.lasso_api_key = lasso_api_key or api_key or os.environ.get("LASSO_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8af53bcdb090a512 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/lasso/lasso.py:109
        self.user_id = user_id or os.environ.get("LASSO_USER_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6aae9341320bc373 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/lasso/lasso.py:110
        self.conversation_id = conversation_id or os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #667eae3b57b2cf70 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/lasso/lasso.py:110
        self.conversation_id = conversation_id or os.environ.get(
            "LASSO_CONVERSATION_ID"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7b3fd0bd1dfda52 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/lasso/lasso.py:123
            or os.getenv("LASSO_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1bc395b42ee42a8a Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/competitor_intent/airline.py:124
        with open(_MAJOR_AIRLINES_PATH, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be18c71ca40a249c Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/content_filter.py:604
        with open(file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4acd602da5f8676b Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/content_filter.py:630
        with open(file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1965bbe2cfb2e07 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/content_filter.py:736
            with open(file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aad3dd264ecd44da Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/guardrail_benchmarks/test_eval.py:40
    with open(path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d33adf34d41c6e1 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/guardrail_benchmarks/test_eval.py:147
    with open(result_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b67451706e3b5d7d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/guardrail_benchmarks/test_eval.py:562
    not os.environ.get("OPENAI_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c5e781fc7622b6e9 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/guardrail_benchmarks/test_eval.py:581
    not os.environ.get("ANTHROPIC_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6c7e55e9d1579f0 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/patterns.py:18
    with open(json_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69e413d5fb73197d Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/patterns.py:161
                with open(category_file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f926d0969e61a602 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/mcp_jwt_signer/mcp_jwt_signer.py:107
    key_material = os.environ.get(env_var, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba66794b6bf103bb Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/mcp_jwt_signer/mcp_jwt_signer.py:114
        with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61bc2d2c3a879821 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/mcp_jwt_signer/mcp_jwt_signer.py:250
        key_material = os.environ.get(self.SIGNING_KEY_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a6e139eb549574c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/mcp_jwt_signer/mcp_jwt_signer.py:271
            or os.environ.get("MCP_JWT_ISSUER")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #486f2dda221a282c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/mcp_jwt_signer/mcp_jwt_signer.py:272
            or os.environ.get("LITELLM_EXTERNAL_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #984de1c5b1fef81d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/mcp_jwt_signer/mcp_jwt_signer.py:276
            audience or os.environ.get("MCP_JWT_AUDIENCE") or self.DEFAULT_AUDIENCE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe585bf691008cde Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/mcp_jwt_signer/mcp_jwt_signer.py:281
            else os.environ.get("MCP_JWT_TTL_SECONDS", str(self.DEFAULT_TTL))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #1a517d8f69b14d2e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/mcp_jwt_signer/mcp_jwt_signer.py:498
        resp = await client.post(
            self.token_introspection_endpoint,
            data={"token": token},
            headers={"Accept": "application/json"},
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #97e4585c2e49f6e2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma.py:132
        self.api_key = api_key or os.environ.get("NOMA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1242d13453b8baf Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma.py:133
        self.api_base = api_base or os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c61a15a67ab94b8a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma.py:133
        self.api_base = api_base or os.environ.get(
            "NOMA_API_BASE", NomaGuardrail._DEFAULT_API_BASE
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10510088502de193 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma.py:136
        self.application_id = application_id or os.environ.get("NOMA_APPLICATION_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a8dc9dc75cb5b01 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma.py:141
                os.environ.get("NOMA_MONITOR_MODE", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44beadee68e91db3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma.py:148
                os.environ.get("NOMA_BLOCK_FAILURES", "true").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26f119556178c9a9 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma.py:155
                os.environ.get("NOMA_ANONYMIZE_INPUT", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c70ecebcb54e0118 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma_v2.py:60
        self.api_key = api_key or os.environ.get("NOMA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bfebcb770f09d5eb Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma_v2.py:62
            api_base or os.environ.get("NOMA_API_BASE") or _DEFAULT_API_BASE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5536e95b606c32b1 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma_v2.py:64
        self.application_id = application_id or os.environ.get("NOMA_APPLICATION_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6040e1433fb355a2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma_v2.py:67
                os.environ.get("NOMA_MONITOR_MODE", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0a7b8d3e28386bf Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma_v2.py:74
                os.environ.get("NOMA_BLOCK_FAILURES", "true").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85120f4ecc90b752 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/onyx/onyx.py:38
        timeout = timeout or int(os.getenv("ONYX_TIMEOUT", 10.0))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6898fb57161d2a5 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/onyx/onyx.py:43
        self.api_base = api_base or os.getenv(
            "ONYX_API_BASE",
            "https://ai-guard.onyx.security",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17996a016024f183 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/onyx/onyx.py:47
        self.api_key = api_key or os.getenv("ONYX_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7148105274dfa182 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/openai/moderations.py:105
            os.environ.get("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c555c455ace4ed9 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pangea/pangea.py:83
        self.api_key = api_key or os.environ.get("PANGEA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42536a406f01cf17 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pangea/pangea.py:92
            or os.environ.get("PANGEA_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ff36b14b9b15d98 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/panw_prisma_airs/panw_prisma_airs.py:112
        self.api_key = api_key or os.getenv("PANW_PRISMA_AIRS_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa57a9286d11e590 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/panw_prisma_airs/panw_prisma_airs.py:115
            or os.getenv("PANW_PRISMA_AIRS_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #9724eb132260f508 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/panw_prisma_airs/panw_prisma_airs.py:372
            response = await async_client.client.post(  # type: ignore[attr-defined]
                f"{self.api_base}/v1/scan/sync/request",
                headers=headers,
                json=payload,
                timeout=self.timeout,
                follow_redirects=False,  # Prevent redirect attacks
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #b9525db3d3466250 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pillar/pillar.py:217
        self.api_key = api_key or os.environ.get("PILLAR_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bfac5811c6002575 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pillar/pillar.py:226
        self.api_base = api_base or os.getenv("PILLAR_API_BASE") or self.BASE_API_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #809dc48e73421b96 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pillar/pillar.py:229
        action = on_flagged_action or os.environ.get("PILLAR_ON_FLAGGED_ACTION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9902712e98e889a5 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pillar/pillar.py:269
        action = fallback_on_error or os.environ.get("PILLAR_FALLBACK_ON_ERROR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41a934ce4b54c886 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pillar/pillar.py:289
                    os.environ.get("PILLAR_TIMEOUT", str(self.DEFAULT_TIMEOUT))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9f51b9ecac48ad4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pillar/pillar.py:293
                    f"Pillar Guardrail: Invalid PILLAR_TIMEOUT value '{os.environ.get('PILLAR_TIMEOUT')}', "

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6cc8b9c360c5dcf Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pillar/pillar.py:635
            env_value = os.getenv(env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #109310edf1041302 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/presidio.py:145
                with open(ad_hoc_recognizers, "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #7f15b80255c9bef9 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/presidio.py:356
                async with session.post(
                    analyze_url,
                    json=analyze_payload,
                    headers={"Accept": "application/json"},
                ) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #ef66bcb47355615e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/presidio.py:446
            async with session.post(
                anonymize_url,
                json=anonymize_payload,
                headers={"Accept": "application/json"},
            ) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #1ed312c72931cb78 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/prompt_security/prompt_security.py:41
        self.api_key = api_key or os.environ.get("PROMPT_SECURITY_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79fa30fbbb122129 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/prompt_security/prompt_security.py:42
        self.api_base = api_base or os.environ.get("PROMPT_SECURITY_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f21597a495385a7 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/prompt_security/prompt_security.py:43
        self.user = user or os.environ.get("PROMPT_SECURITY_USER")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6c2dbc82eb55f47 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/prompt_security/prompt_security.py:44
        self.system_prompt = system_prompt or os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4347145616bab024 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/prompt_security/prompt_security.py:44
        self.system_prompt = system_prompt or os.environ.get(
            "PROMPT_SECURITY_SYSTEM_PROMPT"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7ac9f7f62c16b3d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/prompt_security/prompt_security.py:52
            check_tool_results_env = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8bcb23fbb4fcb2dc Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/prompt_security/prompt_security.py:52
            check_tool_results_env = os.environ.get(
                "PROMPT_SECURITY_CHECK_TOOL_RESULTS", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0dc5340dcb360ab6 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/promptguard/promptguard.py:57
        self.api_key = api_key or os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c0b306a598097cd Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/promptguard/promptguard.py:57
        self.api_key = api_key or os.environ.get(
            "PROMPTGUARD_API_KEY",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff79c152fcee30a8 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/promptguard/promptguard.py:69
            api_base or os.environ.get("PROMPTGUARD_API_BASE") or _DEFAULT_API_BASE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c224f900fd0d529b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/promptguard/promptguard.py:73
            env = os.environ.get("PROMPTGUARD_BLOCK_ON_ERROR", "true")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f58f0505751cb360 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/qohash/qohash.py:29
        api_base = api_base or os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ddc2f59e9fc5f4a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/qohash/qohash.py:29
        api_base = api_base or os.environ.get(
            "QOSTODIAN_NEXUS_API_BASE", "http://nexus:8800"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #210718a22d4feffc Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/qualifire/qualifire.py:68
            or os.environ.get("QUALIFIRE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14c48d61fe4cc701 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/qualifire/qualifire.py:73
            or os.environ.get("QUALIFIRE_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1abdd159e9a9e32 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/semantic_guard/route_loader.py:38
        with open(file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #972bd9332910bb69 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/semantic_guard/route_loader.py:58
        with open(file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf0f29cd22b0e65e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/xecguard/xecguard.py:92
        self.api_key = api_key or os.environ.get("XECGUARD_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42d9620b53107b59 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/xecguard/xecguard.py:102
            api_base or os.environ.get("XECGUARD_API_BASE") or _DEFAULT_API_BASE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a880d8c25d7f01e0 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/xecguard/xecguard.py:109
            env = os.environ.get("XECGUARD_BLOCK_ON_ERROR", "true")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4eeb8a644a278a47 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/zscaler_ai_guard/zscaler_ai_guard.py:41
        self.zscaler_ai_guard_url = api_base or os.getenv(
            "ZSCALER_AI_GUARD_URL",
            "https://api.us1.zseclipse.net/v1/detection/execute-policy",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d584a0024aa9a59f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/zscaler_ai_guard/zscaler_ai_guard.py:48
            else int(os.getenv("ZSCALER_AI_GUARD_POLICY_ID", -1))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #99d8b44f1cffc95d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/zscaler_ai_guard/zscaler_ai_guard.py:50
        self.api_key = api_key or os.getenv("ZSCALER_AI_GUARD_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e478c7bee5b061e9 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/zscaler_ai_guard/zscaler_ai_guard.py:54
            else os.getenv("SEND_USER_API_KEY_ALIAS", "False").lower() in ("true", "1")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e484abe3696ea59a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/zscaler_ai_guard/zscaler_ai_guard.py:59
            else os.getenv("SEND_USER_API_KEY_USER_ID", "False").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16fb9c966e60d166 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/zscaler_ai_guard/zscaler_ai_guard.py:65
            else os.getenv("SEND_USER_API_KEY_TEAM_ID", "False").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #4daf80a42020e27e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/zscaler_ai_guard/zscaler_ai_guard.py:280
        response = await async_client.post(
            f"{url}",
            headers=headers,
            json=data,
            timeout=GUARDRAIL_TIMEOUT,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #b2cc424cd00e619f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/health_endpoints/_health_endpoints.py:416
                user_email=os.getenv("TEST_EMAIL_ADDRESS"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b430dae11a8e136d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/hooks/__init__.py:29
if os.getenv("LEGACY_MULTI_INSTANCE_RATE_LIMITING", "false").lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3321f79a24aba1c6 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/hooks/dynamic_rate_limiter.py:121
                if os.getenv("LITELLM_LICENSE", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #547bb15c18cdf5cd Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/hooks/dynamic_rate_limiter_v3.py:122
            if os.getenv("LITELLM_LICENSE", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8bc8414a0095671a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/hooks/max_budget_per_session_limiter.py:70
            os.getenv(
                "LITELLM_MAX_BUDGET_PER_SESSION_TTL",
                DEFAULT_MAX_BUDGET_PER_SESSION_TTL,
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26cc80c97149133e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/hooks/max_iterations_limiter.py:73
            os.getenv("LITELLM_MAX_ITERATIONS_TTL", DEFAULT_MAX_ITERATIONS_TTL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #949fc3642cbfd2d5 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/hooks/parallel_request_limiter_v3.py:260
        self.window_size = int(os.getenv("LITELLM_RATE_LIMIT_WINDOW_SIZE", 60))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54d59cc8af0bb416 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/hooks/responses_id_security.py:182
        salt_key = os.getenv("LITELLM_SALT_KEY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #268d6674cb412ae8 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/callback_management_endpoints.py:52
    with open(config_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #278308d0e79ef4a2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/config_override_endpoints.py:162
        env_value = os.environ.get(env_var_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48a901fdacede874 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/config_override_endpoints.py:204
            os.environ[env_var_name] = str(value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb2f21b1e611e903 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/config_override_endpoints.py:206
            os.environ.pop(env_var_name, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3f1fef1b38aa792 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/key_management_endpoints.py:3920
    grace_period_value = grace_period or os.getenv(
        "LITELLM_KEY_ROTATION_GRACE_PERIOD", ""
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3485a77494cb22a4 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/mcp_management_endpoints.py:2140
            with open(_MCP_REGISTRY_PATH, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45922dcda2847a6b Filesystem access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/mcp_management_endpoints.py:2214
        with open(_OPENAPI_REGISTRY_PATH, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #88539f08f3e1c6dc Filesystem access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/policy_endpoints/endpoints.py:636
    with open(path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3cd1ec81eb833718 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/policy_endpoints/endpoints.py:656
    use_local = os.getenv("LITELLM_LOCAL_POLICY_TEMPLATES", "").strip().lower() in (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #696740f71731dcd4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/sso/custom_microsoft_sso.py:59
        custom_authorization_endpoint = os.getenv(
            "MICROSOFT_AUTHORIZATION_ENDPOINT", None
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d5f9accb8bb4a9c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/sso/custom_microsoft_sso.py:62
        custom_token_endpoint = os.getenv("MICROSOFT_TOKEN_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc0352188d6ba1d4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/sso/custom_microsoft_sso.py:63
        custom_userinfo_endpoint = os.getenv("MICROSOFT_USERINFO_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f1618abf8e0a166 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:547
                generic_user_role_attribute_name = os.getenv(
                    "GENERIC_USER_ROLE_ATTRIBUTE", "role"
                )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f1867c4c1fe4d28 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:593
    microsoft_client_id = os.getenv("MICROSOFT_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1344536929ae8c10 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:594
    google_client_id = os.getenv("GOOGLE_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5ff79ee336100cf Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:595
    generic_client_id = os.getenv("GENERIC_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #539a50961b6b40eb Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:598
    _disable_ui_flag = os.getenv("DISABLE_ADMIN_UI")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75781cf52b947062 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:633
    ui_username = os.getenv("UI_USERNAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19d7ad22225bac7c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:712
    generic_user_id_attribute_name = os.getenv(
        "GENERIC_USER_ID_ATTRIBUTE", "preferred_username"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b93df882bec1c773 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:715
    generic_user_display_name_attribute_name = os.getenv(
        "GENERIC_USER_DISPLAY_NAME_ATTRIBUTE", "sub"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #caec51445381801a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:718
    generic_user_email_attribute_name = os.getenv(
        "GENERIC_USER_EMAIL_ATTRIBUTE", "email"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9cdc8ce5166a6b79 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:722
    generic_user_first_name_attribute_name = os.getenv(
        "GENERIC_USER_FIRST_NAME_ATTRIBUTE", "first_name"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bdfeb998df55eac6 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:725
    generic_user_last_name_attribute_name = os.getenv(
        "GENERIC_USER_LAST_NAME_ATTRIBUTE", "last_name"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f20e14d065e6da33 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:729
    generic_provider_attribute_name = os.getenv(
        "GENERIC_USER_PROVIDER_ATTRIBUTE", "provider"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #53a6ee8739a72524 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:733
    generic_user_role_attribute_name = os.getenv("GENERIC_USER_ROLE_ATTRIBUTE", "role")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d57351a3d7ac91f6 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:735
    generic_user_extra_attributes = os.getenv("GENERIC_USER_EXTRA_ATTRIBUTES", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b68e4bb09b2ddd7e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:838
    generic_client_secret = os.getenv("GENERIC_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a137907243a2d0d8 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:839
    generic_scope = os.getenv("GENERIC_SCOPE", "openid email profile").split(" ")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ce119dbe80be228 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:840
    generic_authorization_endpoint = os.getenv("GENERIC_AUTHORIZATION_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9b31af67586958c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:841
    generic_token_endpoint = os.getenv("GENERIC_TOKEN_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f96718ade8d5bed4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:842
    generic_userinfo_endpoint = os.getenv("GENERIC_USERINFO_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a47090d265db738 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:844
        os.getenv("GENERIC_INCLUDE_CLIENT_ID", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c22a60c2353509e3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:967
    generic_role_mappings = os.getenv("GENERIC_ROLE_MAPPINGS_ROLES", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #007cd19ea60458c9 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:968
    generic_role_mappings_group_claim = os.getenv(
        "GENERIC_ROLE_MAPPINGS_GROUP_CLAIM", None
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1bba900050feda3c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:971
    generic_role_mappoings_default_role = os.getenv(
        "GENERIC_ROLE_MAPPINGS_DEFAULT_ROLE", None
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc36e312de03ee0d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1008
    raw = os.getenv("GENERIC_SSO_HEADERS", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #508a144964602241 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1032
    pkce_configured = os.getenv("GENERIC_CLIENT_USE_PKCE", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #130bee0e04e04717 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1567
    proxy_admin_id = os.getenv("PROXY_ADMIN_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed97797961e715e6 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1620
    microsoft_client_id = os.getenv("MICROSOFT_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4192492c1b22e346 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1621
    google_client_id = os.getenv("GOOGLE_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9e2e297e209a17e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1622
    generic_client_id = os.getenv("GENERIC_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2b20b4c4da75d4d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2021
    _proxy_base_url = os.getenv("PROXY_BASE_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd348726f997d198 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2022
    _logout_url = os.getenv("PROXY_LOGOUT_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3d791859d064ebf Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2023
    _api_doc_base_url = os.getenv("LITELLM_UI_API_DOC_BASE_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05851e4fe9e675b3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2030
    if "PROXY_DEFAULT_TEAM_DISABLED" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72fd1870cf849d9c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2031
        if os.environ["PROXY_DEFAULT_TEAM_DISABLED"].lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca3c919860255d27 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2057
    microsoft_client_id = os.getenv("MICROSOFT_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24e4f6f9f0376f3d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2058
    google_client_id = os.getenv("GOOGLE_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3339c22b657fef31 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2059
    generic_client_id = os.getenv("GENERIC_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77e7e55dac49e85b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2082
        google_client_secret = os.getenv("GOOGLE_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d56fb335e0ecc201 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2087
        microsoft_client_secret = os.getenv("MICROSOFT_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b21ead9b096fd68 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2088
        microsoft_tenant = os.getenv("MICROSOFT_TENANT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #038a9b9d1798f917 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2095
        generic_client_secret = os.getenv("GENERIC_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b396169d7a90571 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2096
        generic_authorization_endpoint = os.getenv(
            "GENERIC_AUTHORIZATION_ENDPOINT", None
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8ce6eec27532d87 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2099
        generic_token_endpoint = os.getenv("GENERIC_TOKEN_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92958db28120f9bd Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2100
        generic_userinfo_endpoint = os.getenv("GENERIC_USERINFO_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70ae6994cac28b08 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2195
            google_client_secret = os.getenv("GOOGLE_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #998a5564f1396c7e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2215
            microsoft_client_secret = os.getenv("MICROSOFT_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0bcd55182d0e8852 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2216
            microsoft_tenant = os.getenv("MICROSOFT_TENANT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e2db62ca874811f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2237
            generic_client_secret = os.getenv("GENERIC_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #efa3e929f7f38efa Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2238
            generic_scope = os.getenv("GENERIC_SCOPE", "openid email profile").split(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae95bc1355dee1ca Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2241
            generic_authorization_endpoint = os.getenv(
                "GENERIC_AUTHORIZATION_ENDPOINT", None
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d90764ba64f2776b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2244
            generic_token_endpoint = os.getenv("GENERIC_TOKEN_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d55a34e8487a4469 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2245
            generic_userinfo_endpoint = os.getenv("GENERIC_USERINFO_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79bc284477444224 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2450
            generic_client_state = os.getenv("GENERIC_CLIENT_STATE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5be5cb8100542807 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2458
        use_pkce = os.getenv("GENERIC_CLIENT_USE_PKCE", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ac07e561c66e7e4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2729
        if user_email is not None and os.getenv("ALLOWED_EMAIL_DOMAINS") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d6a1112eeba4a42 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2731
            allowed_domains = os.getenv("ALLOWED_EMAIL_DOMAINS").split(",")  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b322f77a171dac5 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2758
            generic_user_role_attribute_name = os.getenv(
                "GENERIC_USER_ROLE_ATTRIBUTE", "role"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bdfc21c8bba76484 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:3049
        use_pkce = os.getenv("GENERIC_CLIENT_USE_PKCE", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1d56f8861eb99c1 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:3143
            os.getenv("PKCE_STRICT_CACHE_MISS", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f94c07df6f8f3a54 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:3595
        microsoft_client_secret = os.getenv("MICROSOFT_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f2159ab496f1985 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:3596
        microsoft_tenant = os.getenv("MICROSOFT_TENANT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #edc7ecfcfac9c343 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:3754
            service_principal_id = os.getenv("MICROSOFT_SERVICE_PRINCIPAL_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c231877ab31bafe2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:3958
        google_client_secret = os.getenv("GOOGLE_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31bd48db694a2920 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:3995
    microsoft_client_id = os.getenv("MICROSOFT_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c100e72791c7121 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:3996
    google_client_id = os.getenv("GOOGLE_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5758cbb70fa7fee Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:3997
    generic_client_id = os.getenv("GENERIC_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e19cb7fc0c7983d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:4070
    microsoft_client_id = os.getenv("MICROSOFT_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2eac5101d1e0f3f2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:4071
    google_client_id = os.getenv("GOOGLE_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #622b74e5c22427fa Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:4072
    generic_client_id = os.getenv("GENERIC_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dbeecb858883347d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:4074
    redirect_url = os.getenv("PROXY_BASE_URL", str(request.base_url))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2189e0aeda6a102c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/middleware/in_flight_requests_middleware.py:65
            if "PROMETHEUS_MULTIPROC_DIR" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7cb8bc7421c12753 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:208
        os.getenv("GEMINI_API_BASE") or "https://generativelanguage.googleapis.com"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43484d2514e2ac5b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:274
    base_target_url = os.getenv("COHERE_API_BASE") or "https://api.cohere.com"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b509337aff73ef1 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:405
    base_target_url = os.getenv("MISTRAL_API_BASE") or "https://api.mistral.ai"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fbabd0cf92f5cc1d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:616
        os.getenv("ANTHROPIC_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56c95a05a041b137 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:617
        or os.getenv("ANTHROPIC_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #410ec5c75b20ca01 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:2030
    base_target_url = os.getenv("OPENAI_API_BASE") or "https://api.openai.com/"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0c2fe26d357ca3c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:2193
    base_target_url = os.getenv("CURSOR_API_BASE") or "https://api.cursor.com"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76ab0715a0180aa4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/prometheus_cleanup.py:35
    if not os.environ.get("PROMETHEUS_MULTIPROC_DIR"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10a6732b1da8faed Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:28
litellm_mode = os.getenv("LITELLM_MODE", "DEV")  # "PRODUCTION", "DEV"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #00ebba6eb5fae0b3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:301
        if os.environ.get("PROMETHEUS_MULTIPROC_DIR"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f99d6e15b05d3786 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:323
            with open(os.devnull, "w") as devnull:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #234f677797f96369 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:377
        multiproc_dir = os.environ.get("PROMETHEUS_MULTIPROC_DIR") or os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4d96f621d2febb4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:377
        multiproc_dir = os.environ.get("PROMETHEUS_MULTIPROC_DIR") or os.environ.get(
            "prometheus_multiproc_dir"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4531ad08fd6b2846 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:386
            os.environ["PROMETHEUS_MULTIPROC_DIR"] = multiproc_dir

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a28c49c550f8aa05 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:755
            db_host = os.getenv("DATABASE_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d43d813181e16f3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:756
            db_port = os.getenv("DATABASE_PORT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7453330297faaedb Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:757
            db_user = os.getenv("DATABASE_USER")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ecf8e38b761973f9 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:758
            db_name = os.getenv("DATABASE_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ccf991cceb6b3f4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:759
            db_schema = os.getenv("DATABASE_SCHEMA")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad243f5a70969475 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:770
            os.environ["DATABASE_URL"] = _db_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7bcfa7e6612a422 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:771
            os.environ["IAM_TOKEN_DB_AUTH"] = "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f56243180c9e86e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:778
            os.getenv("USE_AWS_KMS", None) is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #576eda5dd3d20128 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:779
            and os.getenv("USE_AWS_KMS") == "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f988a012bb636694 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:785
                os.environ[k] = v

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #21a3c5409a2b536f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:841
            if database_url is None and os.getenv("DATABASE_URL") is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #281992f852f77b17 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:847
                    os.environ["DATABASE_URL"] = database_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34126bea1f743019 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:868
                os.environ["DATABASE_URL"] = database_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70c0879e5fc62c41 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:871
        if config is None and os.getenv("DATABASE_URL") is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #999306981c8d39bd Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:877
                os.environ["DATABASE_URL"] = database_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd828dcbe892234f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:889
            os.getenv("DATABASE_URL", None) is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dbe1665aca748673 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:890
            or os.getenv("DIRECT_URL", None) is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90f3b8a50e832be6 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:895
                if os.getenv("DATABASE_URL", None) is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #816eed2a693448d4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:905
                    os.environ["DATABASE_URL"] = modified_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4748fea99c4a60df Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:906
                if os.getenv("DIRECT_URL", None) is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf45dfbb9fb2ad2c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:912
                    database_url = os.getenv("DIRECT_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #170720de47337df8 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:914
                    os.environ["DIRECT_URL"] = modified_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b425b828ae9c029f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:592
global_max_parallel_request_retries_env: Optional[str] = os.getenv(
    "LITELLM_GLOBAL_MAX_PARALLEL_REQUEST_RETRIES"
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aabffe347061341c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:602
global_max_parallel_request_retry_timeout_env: Optional[str] = os.getenv(
    "LITELLM_GLOBAL_MAX_PARALLEL_REQUEST_RETRY_TIMEOUT"
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4443a4f843f9b41 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:623
_title = os.getenv("DOCS_TITLE", "LiteLLM API") if premium_user else "LiteLLM API"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae91d3a14cdc01f7 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:625
    os.getenv(
        "DOCS_DESCRIPTION",
        f"Enterprise Edition \n\nProxy Server to call 100+ LLMs in the OpenAI format. {custom_swagger_message}\n\n{ui_message}",
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6e7bafc68e360dd Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:731
    _startup_hooks_env = os.environ.get("LITELLM_WORKER_STARTUP_HOOKS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #857d2b75a8515c09 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:798
        elif os.environ.get("LITELLM_CONFIG_BUCKET_NAME") is not None and isinstance(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #091e2f8b0b3f02b1 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1174
if os.getenv("DOCS_FILTERED", "False") == "True" and premium_user:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6cafb0405510a32d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1221
        else os.getenv("LITELLM_CORS_ORIGINS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11c615e7d378bbb8 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1237
        else os.getenv("LITELLM_CORS_ALLOW_CREDENTIALS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #353950dbc09b7901 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1361
    is_non_root = os.getenv("LITELLM_NON_ROOT", "").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b492705ae29d3a7c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1370
    runtime_ui_path = os.getenv("LITELLM_UI_PATH", default_runtime_ui_path)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2ea75a1d8f67f27 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1471
                        with open(file_path, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c1bdf6dc2036216 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1486
                        with open(file_path, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8119c3d16c409823 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1672
root_redirect_url: Optional[str] = os.getenv("ROOT_REDIRECT_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0aa3d2cf52b847c2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1848
        KVUri = os.getenv("AZURE_KEY_VAULT_URI", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #83e1fb886adc1a10 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:2688
        with open(os.devnull, "w") as devnull:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2f003d78a2afe03 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:3278
            with open(file_path, "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7106f4f9e4e2adf Filesystem access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:3301
            with open(f"{file_path}", "r") as config_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01547330d2ccbd28 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:3401
            with open(f"{user_config_file_path}", "w") as config_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3463c34e10a2d435 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:3564
        if os.environ.get("LITELLM_CONFIG_BUCKET_NAME") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d67d2f4909c7eb89 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:3565
            bucket_name = os.environ.get("LITELLM_CONFIG_BUCKET_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4814556e2355dc6a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:3566
            object_key = os.environ.get("LITELLM_CONFIG_BUCKET_OBJECT_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9db16d2a6df71102 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:3567
            bucket_type = os.environ.get("LITELLM_CONFIG_BUCKET_TYPE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df94569867b06e0b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:3733
                        os.environ[key] = resolved_secret_string

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7035e9f495eac2c5 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:3742
                    os.environ[key] = str(value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5656d60eba9c1b38 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:3746
                _license_check.license_str = os.getenv("LITELLM_LICENSE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #887a2dc83dafed96 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:4147
            use_pkce = os.getenv("GENERIC_CLIENT_USE_PKCE", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb9f48df542098ad Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:4353
                    v = os.getenv(_v)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f135162b4a5c2fb Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:5001
                    os.environ[k] = decrypted_value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07b56c1647530186 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:5432
                os.environ[upper_key] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f65499e25a3224d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:6381
    os.environ["WORKER_CONFIG"] = json.dumps(data)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f65bb77145af4a8f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:6407
    if os.getenv("LITELLM_DONT_SHOW_FEEDBACK_BOX", "").lower() != "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #105100a3d6bb87b2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:6438
        litellm_log_setting = os.environ.get("LITELLM_LOG", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad5044a680bfdce5 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:6488
        os.environ["AZURE_API_VERSION"] = (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7dde0f59cec0562a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:7574
            if os.getenv("PROMETHEUS_URL"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d29bd405a4f22feb Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:7699
            app_name = os.getenv("PYROSCOPE_APP_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #149cdca31fc0a9bc Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:7705
            server_address = os.getenv("PYROSCOPE_SERVER_ADDRESS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dede59d3b821790c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:7712
            env_name = os.getenv("OTEL_ENVIRONMENT_NAME") or os.getenv(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0496e25978617694 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:7712
            env_name = os.getenv("OTEL_ENVIRONMENT_NAME") or os.getenv(
                "LITELLM_DEPLOYMENT_ENVIRONMENT",
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #abe3da7aba52ddd7 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:7717
            sample_rate_env = os.getenv("PYROSCOPE_SAMPLE_RATE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68c218fa36aa7c61 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:12420
    ui_username = os.getenv("UI_USERNAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba97255fb10f61ac Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:13092
    logo_path = os.getenv("UI_LOGO_PATH", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47d017ae5bb4aca0 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:13106
    is_non_root = os.getenv("LITELLM_NON_ROOT", "").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8569c74034c9897 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:13111
    assets_dir = os.getenv("LITELLM_ASSETS_PATH", default_assets_dir)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd8faef3826f6285 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:13134
    logo_path = os.getenv("UI_LOGO_PATH", default_logo)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #301f9b0537f88fbf Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:13176
    favicon_url = os.getenv("LITELLM_FAVICON_URL", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5790dee056760365 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:14172
                    _value = os.getenv("SLACK_WEBHOOK_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f48d140626338b6 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/public_endpoints/public_endpoints.py:145
        files("litellm")
        .joinpath("provider_endpoints_support_backup.json")
        .read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd3c47c2945bbb45 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/public_endpoints/public_endpoints.py:349
    with open(provider_create_fields_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2fc5e2f6b719d0c1 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/public_endpoints/public_endpoints.py:439
    with open(agent_create_fields_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ad86f8c422be75b Filesystem access.
pkgs/python/[email protected]/litellm/proxy/public_endpoints/public_endpoints.py:442
    with open(provider_create_fields_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b0f4e09bfe0a0e1 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/spend_tracking/spend_log_error_logger.py:43
    return str_to_bool(os.getenv(SUPPRESS_SPEND_LOG_TRACEBACKS_ENV)) is True

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc1734c185a3d0bd Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/spend_tracking/spend_management_endpoints.py:2531
            db_url = os.getenv("DATABASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1afa12b1737dcd82 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/spend_tracking/spend_tracking_utils.py:47
    max_length_str = os.getenv("MAX_STRING_LENGTH_PROMPT_IN_DB")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #156f3a6ee15759d3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:817
                os.environ[env_var_name] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce8d67c99e5673ef Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:820
                os.environ.pop(env_var_name, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #268129838482e8aa Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:982
        os.environ["UI_LOGO_PATH"] = logo_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d07615a50acc9b7 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:989
        if "UI_LOGO_PATH" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d2f3f34b135db80 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:990
            del os.environ["UI_LOGO_PATH"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e22088bbe1831207 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:1001
        os.environ["LITELLM_FAVICON_URL"] = favicon_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f507711410610a9 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:1008
        if "LITELLM_FAVICON_URL" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14b9757000e98893 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:1009
            del os.environ["LITELLM_FAVICON_URL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #757e2462669798f4 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:1391
    with open(file_path, "wb") as buffer:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95928b8f32d17981 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:178
    if SendGridEmailLogger is not None and os.getenv("SENDGRID_API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6bd1ba962ffa5bd5 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:182
    if ResendEmailLogger is not None and os.getenv("RESEND_API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3a9bcb182ee69e9 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:186
    if SMTPEmailLogger is not None and os.getenv("SMTP_HOST"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7bc24fbc0392b70 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:1675
        _proxy_base_url = os.getenv("PROXY_BASE_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12fb2a98c5f93936 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2453
    os.environ.get("LITELLM_CONFIG_PARAM_CACHE_TTL_SECONDS", "60")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4920ba067fbb6f65 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2549
            os.getenv("IAM_TOKEN_DB_AUTH")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c4bb3d8b8be71f7 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2587
            1, int(os.getenv("PRISMA_RECONNECT_COOLDOWN_SECONDS", "15"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e87de1564fec4dfb Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2590
            5, int(os.getenv("PRISMA_HEALTH_WATCHDOG_INTERVAL_SECONDS", "30"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3678b3ff962a9096 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2593
            str_to_bool(os.getenv("PRISMA_HEALTH_WATCHDOG_ENABLED", "true")) is True

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8259d3f5ecfe68d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2597
            float(os.getenv("PRISMA_HEALTH_WATCHDOG_PROBE_TIMEOUT_SECONDS", "5.0")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f158fc790f2e6354 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2600
            1.0, float(os.getenv("PRISMA_WATCHDOG_RECONNECT_TIMEOUT_SECONDS", "30.0"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fcc2c5f3ecd457fb Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2603
            0.5, float(os.getenv("PRISMA_AUTH_RECONNECT_TIMEOUT_SECONDS", "2.0"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2885b37fa662b100 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2607
            float(os.getenv("PRISMA_AUTH_RECONNECT_LOCK_TIMEOUT_SECONDS", "0.1")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42dfc37a78aec1f3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2611
            1, int(os.getenv("PRISMA_RECONNECT_ESCALATION_THRESHOLD", "3"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c056781b54b5186 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2707
            pg_schema = os.getenv("DATABASE_SCHEMA", "public")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #783fb00a4b3bc31d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:4232
                db_url = os.getenv("DATABASE_URL", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #84c4658c7d79aad5 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:4254
                db_url = os.getenv("DATABASE_URL", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae88ffb24e436738 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:4722
    smtp_host = os.getenv("SMTP_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e10c7cc505d2ffb6 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:4723
    smtp_port = int(os.getenv("SMTP_PORT", "587"))  # default to port 587

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #247f6c0c8600ca18 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:4724
    smtp_username = os.getenv("SMTP_USERNAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20a3cc4ffb35bc9c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:4725
    smtp_password = os.getenv("SMTP_PASSWORD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #324e11e6239ea6cb Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:4726
    sender_email = os.getenv("SMTP_SENDER_EMAIL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee3aa564a975666c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:4757
            if os.getenv("SMTP_TLS", "True") != "False":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76b6183d7580a10b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:4946
                    base_url = os.getenv("SPEND_LOGS_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #408bc1a5f45dd23c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5464
    if redoc_url := os.getenv("REDOC_URL"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5409bcc47043d260 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5467
    if str_to_bool(os.getenv("NO_REDOC")) is True:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb27da05a6fdeeaa Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5481
    if docs_url := os.getenv("DOCS_URL"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec0b78c19b6897e3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5484
    if str_to_bool(os.getenv("NO_DOCS")) is True:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0aa726abd3455a3f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5498
    if openapi_url := os.getenv("OPENAPI_URL"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45b6f02ed3a1e879 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5501
    if str_to_bool(os.getenv("NO_OPENAPI")) is True:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d6404192224b176f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5625
    return os.getenv("PROXY_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82aacb3227505904 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5635
    return os.getenv("SERVER_ROOT_PATH", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #019255dd16d70760 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5687
    database_host = os.getenv("DATABASE_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50cce9b0e6956a88 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5688
    database_username = os.getenv("DATABASE_USERNAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ecbc5f4932639a1 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5689
    database_password = os.getenv("DATABASE_PASSWORD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ce29aa55a587f06 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5690
    database_name = os.getenv("DATABASE_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8fea09a8d94688b5 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5691
    database_schema = os.getenv("DATABASE_SCHEMA")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03af0de98e69768e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/vertex_ai_endpoints/langfuse_endpoints.py:210
        or os.getenv("LANGFUSE_HOST", _DEFAULT_LANGFUSE_HOST)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #368be99a10cc2d87 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy_auth/credentials.py:161
        response = httpx.post(
            self.token_url,
            data={
                "grant_type": "client_credentials",
                "client_id": self.client_id,
                "client_secret": self.client_secret,
                "scope": scope,
            },
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #854d9e2548a5afe7 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/rag/ingestion/gemini_ingestion.py:154
        response = await client.post(
            url,
            json=request_body,
            headers={
                "Content-Type": "application/json",
                "x-goog-api-key": api_key,
            },
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #54e1b50dbc3a4692 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/rag/ingestion/gemini_ingestion.py:278
        response = await client.post(
            url,
            json=request_body,
            headers=headers,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f45e3794afd90661 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/rag/ingestion/gemini_ingestion.py:320
        response = await client.put(
            upload_url,
            content=file_content,
            headers=headers,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #d7d913d00abd5dd3 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/rag/ingestion/s3_vectors_ingestion.py:243
            response = await self.async_httpx_client.put(
                url, data=data, headers=signed_headers
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #6052e448612ce8d7 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/rag/ingestion/s3_vectors_ingestion.py:247
            response = await self.async_httpx_client.post(
                url, data=data, headers=signed_headers
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #78ffef3273cf0e42 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/rag/ingestion/vertex_ai_ingestion.py:184
        response = await client.post(
            url,
            json=request_body,
            headers={
                "Authorization": f"Bearer {access_token}",
                "Content-Type": "application/json",
            },
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #16cf6d74fd295c9e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/rag/ingestion/vertex_ai_ingestion.py:372
        response = await client.post(
            url,
            files=files,
            headers={
                "Authorization": f"Bearer {access_token}",
                "X-Goog-Upload-Protocol": "multipart",
            },
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #ee199ba6cbc90f69 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/rag/ingestion/vertex_ai_ingestion.py:460
        response = await client.post(
            url,
            json=request_body,
            headers={
                "Authorization": f"Bearer {access_token}",
                "Content-Type": "application/json",
            },
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #cb7985e5f0e3c1e3 Environment-variable access.
pkgs/python/[email protected]/litellm/realtime_api/main.py:301
            or os.environ.get("LITELLM_AZURE_REALTIME_PROTOCOL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33e960ad7b07df15 Environment-variable access.
pkgs/python/[email protected]/litellm/router.py:7635
                    params[param_key] = os.environ.get(env_name, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58beced2894f71c0 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager.py:22
    if "AWS_REGION_NAME" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fcb6c893056a9788 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager.py:35
        kms_client = boto3.client("kms", region_name=os.getenv("AWS_REGION_NAME"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73c0c7dce6db840f Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager.py:56
        if "AWS_REGION_NAME" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2f3f7be7b41b7a2 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager.py:62
        if os.getenv("LITELLM_LICENSE", None) is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02a95bfaf68daa31 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager.py:64
        elif os.getenv("LITELLM_SECRET_AWS_KMS_LITELLM_LICENSE", None) is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10ed47b7e260ef74 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager.py:80
            kms_client = boto3.client("kms", region_name=os.getenv("AWS_REGION_NAME"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65ce85cf6150c08b Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager.py:89
        encrypted_value = os.getenv(secret_name, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e40d35f6f6458fde Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager.py:132
    for k, v in os.environ.items():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0de685c472b62c76 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager_v2.py:65
            "AWS_REGION_NAME" not in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d6055abf5af9817 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager_v2.py:66
            and "AWS_REGION" not in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d23b0186c5cbcce5 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager_v2.py:67
            and "AWS_DEFAULT_REGION" not in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09a1109660c3eb5e Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager_v2.py:190
            return os.getenv(secret_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45e3b44ce44df546 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/cyberark_secret_manager.py:27
        self.conjur_addr = os.getenv("CYBERARK_API_BASE", "http://127.0.0.1:8080")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1dc7366ecf1d7b9 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/cyberark_secret_manager.py:28
        self.conjur_account = os.getenv("CYBERARK_ACCOUNT", "default")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #086f5f51fdcb795c Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/cyberark_secret_manager.py:29
        self.conjur_username = os.getenv("CYBERARK_USERNAME", "admin")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #025566074ec33eed Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/cyberark_secret_manager.py:30
        self.conjur_api_key = os.getenv("CYBERARK_API_KEY", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7926f5e512d0d990 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/cyberark_secret_manager.py:33
        self.tls_cert_path = os.getenv("CYBERARK_CLIENT_CERT", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aebda8998c314a85 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/cyberark_secret_manager.py:34
        self.tls_key_path = os.getenv("CYBERARK_CLIENT_KEY", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf232002f7fd0327 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/cyberark_secret_manager.py:38
        ssl_verify_env = str_to_bool(os.getenv("CYBERARK_SSL_VERIFY"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e832a5a534058fc Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/cyberark_secret_manager.py:51
        _refresh_interval = int(os.environ.get("CYBERARK_REFRESH_INTERVAL", "300"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #2a1142514d0758fe Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/secret_managers/cyberark_secret_manager.py:88
                resp = http_client.post(auth_url, content=self.conjur_api_key)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #4509bb06bbd66f5a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/secret_managers/cyberark_secret_manager.py:92
                resp = http_handler.client.post(auth_url, content=self.conjur_api_key)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #3b9ad0d541a0e5ce Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/secret_managers/cyberark_secret_manager.py:133
            resp = client.client.post(
                policy_url,
                headers={
                    **self._get_request_headers(),
                    "Content-Type": "application/x-yaml",
                },
                content=policy_yaml,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #736533f97aa8e218 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:12
        os.environ.get("AZURE_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6330c2a6ee8927fb Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:13
        and os.environ.get("AZURE_CLIENT_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4985056820f8709 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:14
        and os.environ.get("AZURE_TENANT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29d7186f9c51a39b Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:17
    elif os.environ.get("AZURE_CLIENT_ID"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ffdc3da10029a8d Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:20
        os.environ.get("AZURE_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca92603341b0e7ea Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:21
        and os.environ.get("AZURE_TENANT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5dfa775540b5db1f Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:22
        and os.environ.get("AZURE_CERTIFICATE_PATH")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa61df812fff9031 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:23
        and os.environ.get("AZURE_CERTIFICATE_PASSWORD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d92017be5da3772e Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:26
    elif os.environ.get("AZURE_CERTIFICATE_PASSWORD"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e85c8dede49a2648 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:28
    elif os.environ.get("AZURE_CERTIFICATE_PATH"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5506eade213ac18d Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:65
            os.environ.get("AZURE_SCOPE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86ea7678cf8a250b Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:73
        or os.environ.get("AZURE_CREDENTIAL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec3de7e28845d0cb Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:90
            client_id=os.environ["AZURE_CLIENT_ID"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e952405139cce950 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:91
            client_secret=os.environ["AZURE_CLIENT_SECRET"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0195c5100e445580 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:92
            tenant_id=os.environ["AZURE_TENANT_ID"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1edcd797723f841a Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:95
        credential = ManagedIdentityCredential(client_id=os.environ["AZURE_CLIENT_ID"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6be63f187a13e601 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:97
        if os.getenv("AZURE_CERTIFICATE_PASSWORD"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d6df7aa37e6a01c2 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:99
                client_id=os.environ["AZURE_CLIENT_ID"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c869088d2ec96e0 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:100
                tenant_id=os.environ["AZURE_TENANT_ID"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d861d6ac3360fa1f Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:101
                certificate_path=os.environ["AZURE_CERTIFICATE_PATH"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #83c28003dcd745c8 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:102
                password=os.environ["AZURE_CERTIFICATE_PASSWORD"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1363ab85b0d1bc8 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:106
                client_id=os.environ["AZURE_CLIENT_ID"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3c0df11ef58a459 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:107
                tenant_id=os.environ["AZURE_TENANT_ID"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #938a0fed745745f4 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:108
                certificate_path=os.environ["AZURE_CERTIFICATE_PATH"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #387e6de13d03c122 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/google_kms.py:19
    if "GOOGLE_APPLICATION_CREDENTIALS" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #269dc4f4929e09e3 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/google_kms.py:23
    if "GOOGLE_KMS_RESOURCE_NAME" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #592da6901bd17395 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/google_kms.py:41
        litellm._google_kms_resource_name = os.getenv("GOOGLE_KMS_RESOURCE_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #508b3202d3bda5f1 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/google_secret_manager.py:32
        self.PROJECT_ID = os.environ.get("GOOGLE_SECRET_MANAGER_PROJECT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c78ed7b5a878ecc Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/google_secret_manager.py:40
        _refresh_interval = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a781a4c38d4fd01 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/google_secret_manager.py:40
        _refresh_interval = os.environ.get(
            "GOOGLE_SECRET_MANAGER_REFRESH_INTERVAL", refresh_interval
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a03251442bc02797 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/google_secret_manager.py:50
        _always_read_secret_manager = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #853eeadce48a1cef Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/google_secret_manager.py:50
        _always_read_secret_manager = os.environ.get(
            "GOOGLE_SECRET_MANAGER_ALWAYS_READ_SECRET_MANAGER",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5af146ec07afad8 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:25
        self.vault_addr = os.getenv("HCP_VAULT_ADDR", "http://127.0.0.1:8200")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #53889c0f3a9b8390 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:26
        self.vault_token = os.getenv("HCP_VAULT_TOKEN", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8525455eb6e95a5c Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:28
        self.vault_namespace = os.getenv("HCP_VAULT_NAMESPACE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e12fa5cd638de12 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:31
        self.vault_mount_name = os.getenv("HCP_VAULT_MOUNT_NAME", "secret")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee8831a49d2b9c0e Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:33
        self.vault_path_prefix = os.getenv("HCP_VAULT_PATH_PREFIX", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #06ea4f98a8e4c2cb Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:36
        self.tls_cert_path = os.getenv("HCP_VAULT_CLIENT_CERT", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8731ed3a0a7f4a38 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:37
        self.tls_key_path = os.getenv("HCP_VAULT_CLIENT_KEY", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3cb23517d455b7e Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:38
        self.vault_cert_role = os.getenv("HCP_VAULT_CERT_ROLE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b952d6a91fd74cd5 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:41
        self.approle_role_id = os.getenv("HCP_VAULT_APPROLE_ROLE_ID", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2927b9ab6db3471 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:42
        self.approle_secret_id = os.getenv("HCP_VAULT_APPROLE_SECRET_ID", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9d30b87ccd76494 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:43
        self.approle_mount_path = os.getenv("HCP_VAULT_APPROLE_MOUNT_PATH", "approle")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #638aca0c11c34972 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:54
        _refresh_interval = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a34ee7d85f92b43f Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:54
        _refresh_interval = os.environ.get(
            "HCP_VAULT_REFRESH_INTERVAL", SECRET_MANAGER_REFRESH_INTERVAL
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #8f65ce36ea00ca57 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:198
            resp = client.post(
                login_url,
                headers=headers,
                json=self._get_tls_cert_auth_body(),
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #aa1e96130cabcf01 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:31
    override = os.getenv("LITELLM_OIDC_ALLOWED_CREDENTIAL_DIRS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #919ad612468b8d96 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:196
            env_secret = os.getenv("CIRCLE_OIDC_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb220ec4cb5f5984 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:202
            env_secret = os.getenv("CIRCLE_OIDC_TOKEN_V2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7799aaf998796043 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:208
            actions_id_token_request_url = os.getenv("ACTIONS_ID_TOKEN_REQUEST_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c40e6a6db6e380e7 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:209
            actions_id_token_request_token = os.getenv("ACTIONS_ID_TOKEN_REQUEST_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb21be81b53247f9 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:239
            azure_federated_token_file = os.getenv("AZURE_FEDERATED_TOKEN_FILE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f8f60b3628604cc Filesystem access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:254
            with open(azure_federated_token_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c959bae9bd07be5 Filesystem access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:260
            with open(safe_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0059ed0275e6433e Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:265
            oidc_token = os.getenv(oidc_aud)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ecf3eaebb438f1c Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:271
            token_file_path = os.getenv(oidc_aud)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a86bce864cab7ec Filesystem access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:274
            with open(token_file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb82fd95ee7b6942 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:309
                secret = os.getenv(secret_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be357e9e10fe9319 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:320
            secret = os.environ.get(secret_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ef2ccfc5120a08e Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/secret_manager_handler.py:61
        encrypted_secret: Any = os.getenv(secret_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52c8a7807a7dae4f Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/secret_manager_handler.py:88
        encrypted_value = os.getenv(secret_name, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1bd6d544aee1927 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/secret_manager_handler.py:182
        secret = os.getenv(secret_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2bc0ae8f9d2ca712 Environment-variable access.
pkgs/python/[email protected]/litellm/setup_wizard.py:133
    return sys.stdout.isatty() and os.environ.get("NO_COLOR") is None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b680ea6edb97fe0 Filesystem access.
pkgs/python/[email protected]/litellm/setup_wizard.py:243
            config_path.write_text(
                SetupWizard._build_config(providers, env_vars, master_key)
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6540a4eaa76243c Filesystem access.
pkgs/python/[email protected]/litellm/setup_wizard.py:287
        with open("/dev/tty", "rb") as tty_fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20d392f713ed35f5 Environment-variable access.
pkgs/python/[email protected]/litellm/types/integrations/slack_alerting.py:54
            os.getenv(
                "SLACK_DAILY_REPORT_FREQUENCY",
                int(SlackAlertingArgsEnum.daily_report_frequency.value),
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #508bbf2d3b8e8618 Environment-variable access.
pkgs/python/[email protected]/litellm/types/proxy/guardrails/guardrail_hooks/zscaler_ai_guard.py:91
        api_base = self.api_base or os.getenv(
            "ZSCALER_AI_GUARD_URL",
            "https://api.us1.zseclipse.net/v1/detection/execute-policy",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1454831e0b863068 Environment-variable access.
pkgs/python/[email protected]/litellm/types/proxy/guardrails/guardrail_hooks/zscaler_ai_guard.py:99
            env_policy = os.getenv("ZSCALER_AI_GUARD_POLICY_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #716d7f12bc6b371c Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6268
    no_proxy = os.getenv("NO_PROXY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b82cc6510e38c5ba Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6321
            if "OPENAI_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9df0b4101eaba1d Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6327
                "AZURE_API_BASE" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b1f4d758f6906e7 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6328
                and "AZURE_API_VERSION" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #40c128ab50e95407 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6329
                and "AZURE_API_KEY" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #abc0df05e5a01816 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6338
                "ANTHROPIC_API_KEY" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f09ff9857df097eb Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6339
                or "ANTHROPIC_AUTH_TOKEN" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #021181a88b7113cd Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6345
            if "COHERE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cef97c0c9fe46af3 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6350
            if "REPLICATE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56bed07bad62d273 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6355
            if "OPENROUTER_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #038163812159f9fd Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6360
            if "VERCEL_AI_GATEWAY_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4cbdd716bc9f1475 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6365
            if "DATAROBOT_API_TOKEN" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a16ea40d174c22ae Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6370
            if "VERTEXAI_PROJECT" in os.environ and "VERTEXAI_LOCATION" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81b5f225e9d55862 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6375
            if "HUGGINGFACE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1e33f9cf0a400e6 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6380
            if "AI21_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #deeb990d35b53402 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6385
            if "TOGETHERAI_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ed203e873e06d29 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6390
            if "ALEPH_ALPHA_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0bdc91f6c77d1dbf Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6395
            if "BASETEN_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87ffb36eb47ca0f0 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6400
            if "NLP_CLOUD_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72730c9c1eb080b0 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6406
                "AWS_ACCESS_KEY_ID" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f5f728eba9e7382 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6407
                and "AWS_SECRET_ACCESS_KEY" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f926d2b006868c5 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6410
                "AWS_ROLE_ARN" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c759dee330ab5ff Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6411
                or "AWS_PROFILE" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b689184649a7543 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6412
                or "AWS_WEB_IDENTITY_TOKEN_FILE" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17afb320852f872e Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6414
                in os.environ  # ECS task role

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #63bfd13b3dc861ba Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6416
                in os.environ  # ECS/Fargate full URI credential delivery

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #40317d85feb1b30a Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6423
            if "OLLAMA_API_BASE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c3d7417ac4730c7 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6428
            if "ANYSCALE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f02cbbf91bf6a874 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6433
            if "DEEPINFRA_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8eb5060d54ce40ad Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6438
            if "FEATHERLESS_AI_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8fafffdd43519203 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6443
            if ("GOOGLE_API_KEY" in os.environ) or ("GEMINI_API_KEY" in os.environ):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26e0d2cba9a00ace Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6449
            if "GROQ_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c5d3d77e07f33943 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6454
            if "NVIDIA_NIM_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aec24873a251aecd Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6459
            if "CEREBRAS_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb19ceb69301ffe1 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6464
            if "BASETEN_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2629906f8c47697e Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6469
            if "XAI_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #480180901d7cd889 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6474
            if "AI21_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba499b8628aaa79e Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6479
            if "VOLCENGINE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14ad39a5d6c19f66 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6487
            if "CODESTRAL_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3a91c251ed57541 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6492
            if "DEEPSEEK_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e003fc4b9f26919b Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6497
            if "MISTRAL_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #370056724f18a453 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6502
            if "PALM_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a945f8d89b66987 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6507
            if "PERPLEXITYAI_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7750405fdc1ed2f5 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6512
            if "VOYAGE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #21d8e6f5b4085542 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6517
            if "INFINITY_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87e93749565e5cbd Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6523
                "FIREWORKS_AI_API_KEY" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #181bd512e64a5662 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6524
                or "FIREWORKS_API_KEY" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e9cf600f0a31823 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6525
                or "FIREWORKSAI_API_KEY" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bdbc1b56969ed284 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6526
                or "FIREWORKS_AI_TOKEN" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #715e4abfccec2262 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6532
            if "CLOUDFLARE_API_KEY" in os.environ and (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d4e29ef7a2f8ac0 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6533
                "CLOUDFLARE_ACCOUNT_ID" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3eff25536861420 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6534
                or "CLOUDFLARE_API_BASE" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bbbef36e9d833005 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6541
            if "NOVITA_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f2e877700805366 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6546
            if "NEBIUS_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68ede56c4be54d58 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6551
            if "WANDB_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2c01d5c8e818010 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6556
            if "DASHSCOPE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f0f598a540e816d Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6561
            if "MOONSHOT_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57b49244b3800813 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6574
            if "OPENAI_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20fc1fe94388f978 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6581
                "ANTHROPIC_API_KEY" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d754c71b94df8c79 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6582
                or "ANTHROPIC_AUTH_TOKEN" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b26d6acbfd4e8030 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6589
            if "COHERE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ae2066279586c82 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6595
            if "REPLICATE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae543f2b53805fea Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6601
            if "OPENROUTER_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f5bf35e49e6812f Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6607
            if "VERCEL_AI_GATEWAY_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79ca5fc022869fb9 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6613
            if "DATAROBOT_API_TOKEN" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1882b53f431f1ed9 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6623
            if "VERTEXAI_PROJECT" in os.environ and "VERTEXAI_LOCATION" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b171031886ff8c18 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6629
            if "HUGGINGFACE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17c0408fe2efa702 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6635
            if "AI21_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a6a9359bca2268e Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6641
            if "TOGETHERAI_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4152ba4e5f60a815 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6647
            if "ALEPH_ALPHA_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9160e37b62d0b197 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6653
            if "BASETEN_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69b387cebc9b7e83 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6659
            if "NLP_CLOUD_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4538dc4bd842eefc Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6664
            if "NOVITA_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e8ca8b3109bb299 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6669
            if "NEBIUS_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a2a60cc7c2aceb1 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6674
            if "WANDB_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81aff0c6089fb582 Filesystem access.
pkgs/python/[email protected]/litellm/utils.py:7061
        with open(config_path, "r") as config_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #523651e71fa98e7e Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:7338
            for k, v in os.environ.items()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3ad3551994a9150 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:7402
    environ_keys = os.environ.keys()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

lmnr

python dependency
medium telemetry dependency Excluded from app score #6b6cb95b0fcae38b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/__init__.py:4
from opentelemetry.sdk.trace.export import SpanExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dbb444c107cfee8d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/__init__.py:5
from opentelemetry.sdk.resources import SERVICE_NAME

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4ea68e1965945adf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/decorators/__init__.py:6
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1dbe4a2d48c4661a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/decorators/__init__.py:7
from opentelemetry.trace import Span, Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #deeb10fbfa94ffd8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/litellm/__init__.py:6
from opentelemetry.trace import SpanKind, Status, StatusCode, Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6e91494503029e08 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/litellm/__init__.py:7
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_USAGE_INPUT_TOKENS,
    GEN_AI_USAGE_OUTPUT_TOKENS,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1b84248c252b30ae Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/litellm/utils.py:3
from opentelemetry.sdk.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9dfd77edb0d4388c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/litellm/utils.py:4
from opentelemetry.util.types import AttributeValue

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ed6f3fc7105f3808 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/__init__.py:6
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fcff40fc5bbfc3a9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/__init__.py:7
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c3ddff76b1b7f8e4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/__init__.py:8
from opentelemetry.instrumentation.utils import _SUPPRESS_INSTRUMENTATION_KEY, unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c166dc3defa1c39c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/__init__.py:9
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_USAGE_INPUT_TOKENS,
    GEN_AI_USAGE_OUTPUT_TOKENS,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b684f18fb16d8c55 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/__init__.py:13
from opentelemetry.trace import Span, Tracer, get_tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2cbdfdc58e72f66b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/__init__.py:14
from opentelemetry.trace.status import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2abc7994ad5aabc5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/rollout.py:14
from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b6999e6b7b5873d6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/span_utils.py:5
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_REQUEST_FREQUENCY_PENALTY,
    GEN_AI_REQUEST_MAX_TOKENS,
    GEN_AI_REQUEST_MODEL,
    GEN_AI_REQUEST_PRESENCE_PENALTY,
    GEN_AI_REQUEST_TEMPERATURE,
    GEN_AI_REQUEST_TOP_P,
    GEN_AI_RESPONSE_ID,
    GEN_AI_RESPONSE_MODEL,
    GEN_AI_USAGE_INPUT_TOKENS,
    GEN_AI_USAGE_OUTPUT_TOKENS,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #794634d2bc7fefee Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/streaming.py:3
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_RESPONSE_ID,
    GEN_AI_RESPONSE_MODEL,
    GEN_AI_USAGE_INPUT_TOKENS,
    GEN_AI_USAGE_OUTPUT_TOKENS,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9409a244796225eb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/streaming.py:9
from opentelemetry.trace.status import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1670da747e313848 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/utils.py:10
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5775284d682960c4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/__init__.py:6
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #aa36abd4457a9812 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/__init__.py:7
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #986bed794c580f02 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/span_utils.py:11
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #781d96cb445aeeec Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/span_utils.py:12
from opentelemetry.sdk.trace import ReadableSpan

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9a8d800933bd4be8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/wrappers.py:10
from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8a582dcfaf9c9e4f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/cua_agent/__init__.py:8
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3ad6d34ed273c3d2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/cua_agent/__init__.py:9
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fed143398c32c87c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/cua_agent/__init__.py:11
from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1466aa5734848f74 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/cua_agent/__init__.py:12
from opentelemetry.trace.status import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d3403da4367236a8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/cua_computer/__init__.py:9
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #95df7ba72f725abe Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/cua_computer/__init__.py:10
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #05cac0fe9f987d6b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/cua_computer/__init__.py:12
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #72303c3993956491 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/cua_computer/__init__.py:13
from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #46ecd1766c79a3d5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/cua_computer/__init__.py:14
from opentelemetry.trace.status import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #41b8773c9dcba740 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/daytona/wrappers.py:7
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #aa42eee047650d64 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/daytona/wrappers.py:8
from opentelemetry.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f09e0c808643ec94 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/daytona/wrappers.py:9
from opentelemetry.trace import Status, StatusCode, Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8b633e0ad428ea16 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/daytona/wrappers.py:10
from opentelemetry.semconv.attributes.error_attributes import ERROR_TYPE

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #075cebbbeab4ddcd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/daytona/wrappers.py:11
from opentelemetry.instrumentation.utils import _SUPPRESS_INSTRUMENTATION_KEY

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b25eafa7fe1bbb8b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/daytona/wrappers.py:12
from opentelemetry._logs import LogRecord, Logger, get_logger

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cadc7b364c71f2c7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/daytona/wrappers.py:13
from opentelemetry._logs.severity import SeverityNumber

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f7d324ae513896cb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/deepagents/instrumentor.py:31
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f34533e9e73d52c0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/deepagents/instrumentor.py:32
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #71abc6568d83809b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/google_genai/__init__.py:10
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0d9bb0078dea118b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/google_genai/__init__.py:11
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9348641ef8812687 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/google_genai/__init__.py:12
from opentelemetry.instrumentation.utils import _SUPPRESS_INSTRUMENTATION_KEY, unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d62ab3682c79fe8b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/google_genai/__init__.py:13
from opentelemetry.semconv._incubating.attributes import gen_ai_attributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1a0b7b4ee93ebde6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/google_genai/__init__.py:14
from opentelemetry.semconv.attributes.error_attributes import ERROR_TYPE

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f2556d994c1a2bbb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/google_genai/__init__.py:15
from opentelemetry.trace import Span, Status, StatusCode, Tracer, get_tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #762f65e932f61ce8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/google_genai/utils.py:13
from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9138603465399e4f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/groq/__init__.py:6
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6c8c74b5f26eb654 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/groq/__init__.py:22
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6d4b7200f7295df7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/groq/__init__.py:23
from opentelemetry.instrumentation.utils import _SUPPRESS_INSTRUMENTATION_KEY, unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2b97ee81c8f6cacc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/groq/__init__.py:24
from opentelemetry.trace import Tracer, get_tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0bf04101cf6253a1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/groq/__init__.py:25
from opentelemetry.trace.status import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b9a96e20f443e0c3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/groq/span_utils.py:9
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_REQUEST_MAX_TOKENS,
    GEN_AI_REQUEST_MODEL,
    GEN_AI_REQUEST_TEMPERATURE,
    GEN_AI_REQUEST_TOP_P,
    GEN_AI_RESPONSE_ID,
    GEN_AI_RESPONSE_MODEL,
    GEN_AI_REQUEST_FREQUENCY_PENALTY,
    GEN_AI_REQUEST_PRESENCE_PENALTY,
    GEN_AI_USAGE_INPUT_TOKENS,
    GEN_AI_USAGE_OUTPUT_TOKENS,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #49d324ddec8e44c5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/groq/utils.py:6
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #01373b5af0d37ea0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/kernel/__init__.py:13
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #693cc7576a22c255 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/kernel/__init__.py:14
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1108cd6ca089a6e0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/kernel/__init__.py:16
from opentelemetry.trace.status import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2a05bd7ae5781a3f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/langfuse/__init__.py:44
from opentelemetry.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #02906895902fb55d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/langfuse/__init__.py:45
from opentelemetry.sdk.trace import ReadableSpan, Span, SpanProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #808d35d8accf316b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/langfuse/__init__.py:46
from opentelemetry.sdk.trace import TracerProvider as SdkTracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #87569b534497e9e1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/langgraph/__init__.py:12
from opentelemetry.trace import Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f52d02ab4f37d939 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/langgraph/__init__.py:14
from opentelemetry.trace import get_tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b982dbc04a78ddf3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/langgraph/__init__.py:15
from opentelemetry.context import get_value, attach, set_value

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cc492d49557885a7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/langgraph/__init__.py:17
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d7e99e1b7945c9f8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/langgraph/__init__.py:18
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f279366ec1c0ef07 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/langgraph/utils.py:5
from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fc8a49dd21f4e025 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/litellm/wrappers/__init__.py:4
from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ee389390fc66c6f4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/litellm/wrappers/completions/__init__.py:3
from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #efdce97673068d02 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/litellm/wrappers/completions/__init__.py:15
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_USAGE_INPUT_TOKENS,
    GEN_AI_USAGE_OUTPUT_TOKENS,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7e95130a0c236438 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/litellm/wrappers/completions/streaming.py:4
from opentelemetry.trace import Span, Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #eb637c75f156d57f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/litellm/wrappers/responses/__init__.py:3
from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #83cc644bb67fdc91 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/litellm/wrappers/responses/__init__.py:14
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_USAGE_INPUT_TOKENS,
    GEN_AI_USAGE_OUTPUT_TOKENS,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8958bbce0d1f16ef Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/litellm/wrappers/responses/streaming.py:3
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_USAGE_INPUT_TOKENS,
    GEN_AI_USAGE_OUTPUT_TOKENS,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f0e38b23682fa47f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/litellm/wrappers/responses/streaming.py:7
from opentelemetry.trace import Span, Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #42f0a9343080ef69 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/__init__.py:8
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7194014836d06454 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/__init__.py:12
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_REQUEST_FREQUENCY_PENALTY,
    GEN_AI_REQUEST_MAX_TOKENS,
    GEN_AI_REQUEST_MODEL,
    GEN_AI_REQUEST_PRESENCE_PENALTY,
    GEN_AI_REQUEST_TEMPERATURE,
    GEN_AI_REQUEST_TOP_P,
    GEN_AI_RESPONSE_ID,
    GEN_AI_RESPONSE_MODEL,
    GEN_AI_SYSTEM,
    GEN_AI_USAGE_INPUT_TOKENS,
    GEN_AI_USAGE_OUTPUT_TOKENS,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dafc0498c6c3db22 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/__init__.py:25
from opentelemetry.semconv._incubating.attributes.openai_attributes import (
    OPENAI_RESPONSE_SYSTEM_FINGERPRINT,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9781a4dd2d397f32 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/__init__.py:28
from opentelemetry.trace.propagation import set_span_in_context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #68832bfcfb18dbc3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/__init__.py:29
from opentelemetry.trace.propagation.tracecontext import TraceContextTextMapPropagator

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #14177d2927cc157a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/chat_wrappers.py:4
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d6e37d710b45cceb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/chat_wrappers.py:30
from opentelemetry.instrumentation.utils import _SUPPRESS_INSTRUMENTATION_KEY

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #511236b6b41411c5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/chat_wrappers.py:31
from opentelemetry.semconv.attributes.error_attributes import ERROR_TYPE

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f7f98c21fd39cdc3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/chat_wrappers.py:32
from opentelemetry.trace import Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #84610cacaadaa3b9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/chat_wrappers.py:33
from opentelemetry.trace.status import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4635b33a47eb48da Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/completion_wrappers.py:3
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fb3ce6badf3abbe3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/completion_wrappers.py:31
from opentelemetry.instrumentation.utils import _SUPPRESS_INSTRUMENTATION_KEY

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #109f3700cfd35459 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/completion_wrappers.py:32
from opentelemetry.semconv.attributes.error_attributes import ERROR_TYPE

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #914e9989b1616f02 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/completion_wrappers.py:33
from opentelemetry.trace.status import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8b6c40f83a72bf51 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/config.py:3
from opentelemetry._events import EventLogger

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c5cd43143378f7b8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/embeddings_wrappers.py:3
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9e7117407bca6625 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/embeddings_wrappers.py:25
from opentelemetry.instrumentation.utils import _SUPPRESS_INSTRUMENTATION_KEY

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ffa9ac09483c7f78 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/embeddings_wrappers.py:26
from opentelemetry.semconv.attributes.error_attributes import ERROR_TYPE

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #56257179e08fa820 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/embeddings_wrappers.py:27
from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1ad27192aa53562c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/utils.py:10
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5330d151f50b2f8e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/utils.py:11
from opentelemetry._events import EventLogger

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #53fb903aa7bbcf87 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v0/__init__.py:3
from opentelemetry._events import get_event_logger

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d9c571bb56f9c5eb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v0/__init__.py:4
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9fabcad3724b1263 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v0/__init__.py:19
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #23f2e549a1b5fedd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v0/__init__.py:20
from opentelemetry.trace import get_tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a1d171950a283ebb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/__init__.py:3
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #67adbba7b02ab7cd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/__init__.py:34
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #379e9ac6cd4c0112 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/__init__.py:35
from opentelemetry.trace import get_tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #19cc133f5e4e1f9c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/assistant_wrappers.py:4
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ffc7af515e57218a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/assistant_wrappers.py:5
from opentelemetry.trace import Span, Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #02d5e4ad6bf92a8d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/assistant_wrappers.py:18
from opentelemetry.instrumentation.utils import _SUPPRESS_INSTRUMENTATION_KEY

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d24a02b0bd57018e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/assistant_wrappers.py:19
from opentelemetry.semconv.attributes.error_attributes import ERROR_TYPE

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e4ea7ada754a7d5d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/assistant_wrappers.py:20
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_REQUEST_MODEL,
    GEN_AI_RESPONSE_MODEL,
    GEN_AI_USAGE_INPUT_TOKENS,
    GEN_AI_USAGE_OUTPUT_TOKENS,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8e7accfcfe722cd6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/assistant_wrappers.py:26
from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #509e4db2399a8b4b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/event_handler_wrapper.py:3
from opentelemetry.semconv.attributes.error_attributes import ERROR_TYPE

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b62566a788f29671 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/event_handler_wrapper.py:4
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_USAGE_INPUT_TOKENS,
    GEN_AI_USAGE_OUTPUT_TOKENS,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d3f300c8d2ebd431 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/event_handler_wrapper.py:8
from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d7bfa46a64e01c72 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/responses_wrappers.py:48
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3fe87c5f7d078a24 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/responses_wrappers.py:49
from opentelemetry.context import _SUPPRESS_INSTRUMENTATION_KEY

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cb1ca1f08590bbfb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/responses_wrappers.py:50
from opentelemetry.semconv.attributes.error_attributes import ERROR_TYPE

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4eb6aafa4bec3ed4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/responses_wrappers.py:51
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_REQUEST_MODEL,
    GEN_AI_RESPONSE_ID,
    GEN_AI_USAGE_INPUT_TOKENS,
    GEN_AI_USAGE_OUTPUT_TOKENS,
    GEN_AI_RESPONSE_MODEL,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #06a7a64e01b0a497 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/responses_wrappers.py:58
from opentelemetry.trace import SpanKind, Span, StatusCode, Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1b0cdd9ceed1c966 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai_agents/helpers.py:9
from opentelemetry.context import create_key

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #048d95b9a21d2085 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai_agents/instrumentor.py:8
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e5f5ba009c4ea1d1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai_agents/instrumentor.py:9
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9d8960647abd85a3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai_agents/processor.py:10
from opentelemetry.context import get_value, set_value

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #953e80e02b3f8810 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai_agents/span_data.py:7
from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bc08e892263914d9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/opentelemetry/__init__.py:1
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9229967294dc0315 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/opentelemetry/__init__.py:2
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a77fefe66f143ad4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/opentelemetry/__init__.py:3
from opentelemetry.trace import TraceFlags, SpanContext

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4eb32c86777ecbd7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/pydantic_ai/__init__.py:30
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3ccc6c46ed34e651 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/pydantic_ai/__init__.py:31
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4e0189e5cf2a59ca Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/shared/base_instrumentor.py:8
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5256a396d20c397f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/shared/base_instrumentor.py:9
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #85dc874e7cc22e4b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/shared/types.py:3
from opentelemetry.trace import Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #38c37b7555556354 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/shared/utils.py:6
from opentelemetry.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a5d9f4a7838d091d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/shared/utils.py:7
from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8ff056bfce2f2945 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/shared/utils.py:8
from opentelemetry.util.types import AttributeValue

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d42c233a258288f1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/skyvern/__init__.py:5
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8d338bebce7c8bc5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/skyvern/__init__.py:6
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8127e41be0003c46 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/skyvern/__init__.py:7
from opentelemetry.trace import get_tracer, Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #64371fc231e779ee Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/temporal/__init__.py:24
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f9be7abe685693c4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/temporal/__init__.py:27
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1c5751a5a4a69293 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/threading/__init__.py:59
from opentelemetry import context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #92ff8b9769cf269f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/threading/__init__.py:60
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8086409992b4f068 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/threading/__init__.py:61
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d28f637b7d4bec32 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/__init__.py:5
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c8becd1f7707d62b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/__init__.py:6
from opentelemetry._logs import set_logger_provider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dadbb1391620e74e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/__init__.py:7
from opentelemetry.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ae4a723c24e3d2e7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/__init__.py:8
from opentelemetry.sdk._logs import LoggerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9a75a77d0fdca1f8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/__init__.py:9
from opentelemetry.sdk._logs.export import BatchLogRecordProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f898b25652ae7ecc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/__init__.py:10
from opentelemetry.sdk.resources import Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3195e41daebe0ec1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/__init__.py:11
from opentelemetry.sdk.trace import SpanProcessor, TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #76ca34310b22e13e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/__init__.py:12
from opentelemetry.sdk.trace.export import SpanExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #41da7fb71ca14eb2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:3
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4a807bfe2fba96d1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:27
        from opentelemetry.instrumentation.alephalpha import AlephAlphaInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0c1673c4b3a71f40 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:49
        from opentelemetry.instrumentation.bedrock import BedrockInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #891f53e91a4f1dff Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:120
        from opentelemetry.instrumentation.chromadb import ChromaInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3f5486bb9980a900 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:145
        from opentelemetry.instrumentation.cohere import CohereInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6b370ae1f59acb6e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:157
        from opentelemetry.instrumentation.crewai import CrewAiInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6ceedcbf513a9052 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:235
        from opentelemetry.instrumentation.haystack import HaystackInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cc55ca1894b259fd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:257
        from opentelemetry.instrumentation.lancedb import LanceInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #43ae3e34f0153721 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:269
        from opentelemetry.instrumentation.langchain import LangchainInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0829ff5f2c5be3f8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:352
        from opentelemetry.instrumentation.llamaindex import LlamaIndexInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cddda37d77e5f03b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:364
        from opentelemetry.instrumentation.marqo import MarqoInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9ef3e238cf4f2836 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:376
        from opentelemetry.instrumentation.mcp import McpInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ab86a327dd56b0d0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:388
        from opentelemetry.instrumentation.milvus import MilvusInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bfd6bf76733db2ac Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:400
        from opentelemetry.instrumentation.mistralai import MistralAiInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4f36f149ea51d6e3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:412
        from opentelemetry.instrumentation.ollama import OllamaInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e26a2c03bfbdf656 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:470
        from opentelemetry.instrumentation.pinecone import PineconeInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2658966662496966 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:512
        from opentelemetry.instrumentation.qdrant import QdrantInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ac6fd36d8999da46 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:524
        from opentelemetry.instrumentation.replicate import ReplicateInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6c3a28e24dbc504c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:536
        from opentelemetry.instrumentation.sagemaker import SageMakerInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #841792312ff2842b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:568
        from opentelemetry.instrumentation.together import TogetherAiInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #db664fa9171db645 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:581
        from opentelemetry.instrumentation.transformers import TransformersInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6961a1077b53ebcc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:593
        from opentelemetry.instrumentation.vertexai import VertexAIInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #76ee28313e5aa70d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:608
        from opentelemetry.instrumentation.watsonx import WatsonxInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1da35b750095360e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:620
        from opentelemetry.instrumentation.weaviate import WeaviateInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8d0c7715359b3f49 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/attributes.py:2
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_SYSTEM,
    GEN_AI_REQUEST_MODEL,
    GEN_AI_RESPONSE_MODEL,
    GEN_AI_USAGE_INPUT_TOKENS,
    GEN_AI_USAGE_OUTPUT_TOKENS,
    GEN_AI_RESPONSE_ID,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8026148b514bd046 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/context.py:7
from opentelemetry.context import Context, Token, create_key, get_value, set_value

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a0ea6eb92908f21a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/exporter.py:6
from opentelemetry.sdk.trace.export import SpanExporter, SpanExportResult

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8690d7cd501d22ff Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/exporter.py:7
from opentelemetry.sdk.trace import ReadableSpan

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #95e29de9bb980d41 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/exporter.py:8
from opentelemetry.sdk._logs import ReadableLogRecord

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3d00203e6084038b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/exporter.py:9
from opentelemetry.sdk._logs.export import LogRecordExporter, LogRecordExportResult

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8a9ae98c8db498f1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/exporter.py:10
from opentelemetry.exporter.otlp.proto.grpc.trace_exporter import (
    OTLPSpanExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #365f0e1f6dc1801e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/exporter.py:13
from opentelemetry.exporter.otlp.proto.grpc._log_exporter import (
    OTLPLogExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9d7e5fbd7481d4cb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/exporter.py:16
from opentelemetry.exporter.otlp.proto.http import Compression as HTTPCompression

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3fb30ce072bb0a18 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/exporter.py:17
from opentelemetry.exporter.otlp.proto.http.trace_exporter import (
    OTLPSpanExporter as HTTPOTLPSpanExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6d8f26859152c05c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/exporter.py:20
from opentelemetry.exporter.otlp.proto.http._log_exporter import (
    OTLPLogExporter as HTTPOTLPLogExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #84f86f5d3c3b3023 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/instruments.py:6
from opentelemetry.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ceb45957e72cd5e0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/instruments.py:15
    from opentelemetry.sdk._logs import LoggerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #84cc1b53060f7bae Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/instruments.py:16
    from opentelemetry.sdk.trace import SpanProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2410044af0de3b37 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/processor.py:5
from opentelemetry.context import Context, get_value

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #37f773a23700838a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/processor.py:6
from opentelemetry.sdk.trace import ReadableSpan, Span, SpanProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0213e4a26174c476 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/processor.py:7
from opentelemetry.sdk.trace.export import (
    BatchSpanProcessor,
    SimpleSpanProcessor,
    SpanExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1c20249fa8144855 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/span.py:8
from opentelemetry.sdk.resources import Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f63d6f553b60fa6e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/span.py:9
from opentelemetry.sdk.trace import Event, ReadableSpan, Span as SDKSpan

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #96d753942749b0ac Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/span.py:10
from opentelemetry.sdk.util.instrumentation import (
    InstrumentationInfo,
    InstrumentationScope,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #33f68cc6d03cf86b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/span.py:14
from opentelemetry.trace import Link, Span, SpanContext, SpanKind, Status

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #290137ac807427e3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/span.py:15
from opentelemetry.util.types import AttributeValue

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d8183d97c9852109 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/span.py:16
from opentelemetry.context import detach

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f5498cd4839d8981 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/tracer.py:4
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4d7d7fbd37df1afd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/tracer.py:5
from opentelemetry.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b00cf9bfbadbd13b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/utils.py:1
from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #32170c151f5baec0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/browser_use_cdp_otel.py:12
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6460b33733a60eeb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/browser_use_cdp_otel.py:13
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f97d8b20a2e92bc9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/browser_use_cdp_otel.py:14
from opentelemetry.trace import get_tracer, Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c501238543e159b4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/browser_use_otel.py:6
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0720dd3b832b0d03 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/browser_use_otel.py:7
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #08ee9713ec2c11cd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/browser_use_otel.py:8
from opentelemetry.trace import get_tracer, Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8debbb8781cb85d5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/bubus_otel.py:7
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #72cec2b6cd5912c7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/bubus_otel.py:8
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d14eb1324f506568 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/bubus_otel.py:9
from opentelemetry.trace import NonRecordingSpan, get_current_span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1d6ed7d2852957c7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/cdp_utils.py:9
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9fc9d4918c4fa68e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/patchright_otel.py:10
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e2114596230e1e4b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/patchright_otel.py:11
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cae1d62d915caa18 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/patchright_otel.py:12
from opentelemetry.trace import get_tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e5d557c849b93ae4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/playwright_otel.py:15
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e93971190b993d7d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/playwright_otel.py:16
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2bb0c8d6465279c0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/playwright_otel.py:17
from opentelemetry.trace import (
    get_tracer,
    Tracer,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #397bbad81005fe05 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/pw_utils.py:7
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #72d8d281f61257d2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/debug/replay.py:17
from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2298ece0765620d6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:15
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #90a0246d8b33eae6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:16
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c32abe13d0ed2202 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:17
from opentelemetry.context import Context, get_value

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2c7ef8311765ced1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:18
from opentelemetry.sdk.trace.id_generator import RandomIdGenerator

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f81febbd21ca8130 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:19
from opentelemetry.trace import INVALID_TRACE_ID, Span, Status, StatusCode, use_span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #505d35285a1810a8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:20
from opentelemetry.util.types import AttributeValue

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b2c9de56fc330011 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/types.py:10
from opentelemetry.trace import SpanContext, TraceFlags

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 92 low-confidence finding(s)
low env_fs dependency Excluded from app score #1949491056b8a9fa Filesystem access.
pkgs/python/[email protected]/src/lmnr/cli/datasets.py:113
        output_path.write_text(_dump_json([item.model_dump() for item in data]))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bdbc23b13177be86 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/cli/evals.py:33
        os.environ["LMNR_FRONTEND_PORT"] = str(args.frontend_port)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d05e6fba4d4f5d1 Filesystem access.
pkgs/python/[email protected]/src/lmnr/cli/evals.py:112
            with open(args.output_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #6b802f11589ec747 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/cli/rules.py:28
        with urllib.request.urlopen(url) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #ba6f5ecba3a50d0b Filesystem access.
pkgs/python/[email protected]/src/lmnr/cli/rules.py:32
        with open(target_file, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59dcc6916f7e4a3c Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/utils.py:27
        os.getenv(LMNR_TRACE_CONTENT) or "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa45d33c1e89f14a Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/proxy.py:32
        env_val = os.environ.get("LMNR_CC_PROXY_MAX_PORTS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d68768b743dc0c6 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:40
        if key in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10f1f2b2aaa6b55d Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:42
            snapshot[key] = os.environ.get(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #249832f54e6c6b14 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:58
            os.environ[key] = value if value is not None else ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #973f3d53e78a9f79 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:60
            os.environ.pop(key, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a3431daf621999a Filesystem access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:106
        with open(config_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7baee2bc029fa190 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:157
        return env_dict.get(key) or os.environ.get(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18abc9d850660ac6 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:252
        "ANTHROPIC_BASE_URL": os.environ.get("ANTHROPIC_BASE_URL"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9eedd600fad0315e Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:253
        "ANTHROPIC_ORIGINAL_BASE_URL": os.environ.get("ANTHROPIC_ORIGINAL_BASE_URL"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e36199e280ccbe0 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:254
        "HTTP_PROXY": os.environ.get("HTTP_PROXY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19f49a1858085088 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:255
        "HTTPS_PROXY": os.environ.get("HTTPS_PROXY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bffc6f8267c999ef Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:260
    if "ANTHROPIC_ORIGINAL_BASE_URL" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0206412afa6917b Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:263
            os.environ["ANTHROPIC_ORIGINAL_BASE_URL"] = target

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4eef31fd0cf4784 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:267
    os.environ["ANTHROPIC_BASE_URL"] = proxy_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7cf2e1787571035 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:271
        os.environ.pop(proxy_var, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c354d29f18a49154 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:274
    if is_truthy_env(os.environ.get(FOUNDRY_USE_ENV)):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45bd84487dee7d63 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:275
        snapshot[FOUNDRY_BASE_URL_ENV] = os.environ.get(FOUNDRY_BASE_URL_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #479f75fa0316308b Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:276
        snapshot[FOUNDRY_RESOURCE_ENV] = os.environ.get(FOUNDRY_RESOURCE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f232c4ca3fd4ff02 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:278
        os.environ[FOUNDRY_BASE_URL_ENV] = proxy_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9fe7fd23d3dc4e4 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:279
        os.environ.pop(FOUNDRY_RESOURCE_ENV, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #36021ba676e7e746 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:282
    if is_truthy_env(os.environ.get(BEDROCK_USE_ENV)):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a22a4c2c968ed05f Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:283
        snapshot[BEDROCK_BASE_URL_ENV] = os.environ.get(BEDROCK_BASE_URL_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3365cac6f92e7ee7 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:284
        os.environ[BEDROCK_BASE_URL_ENV] = proxy_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #430432e51a9d3003 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:287
    if is_truthy_env(os.environ.get(VERTEX_USE_ENV)):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #245bf0ab77c7232f Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:288
        snapshot[VERTEX_BASE_URL_ENV] = os.environ.get(VERTEX_BASE_URL_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c58ef1a74615126a Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:289
        os.environ[VERTEX_BASE_URL_ENV] = proxy_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af0528bd29440b01 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/wrappers.py:216
            if FOUNDRY_RESOURCE_ENV in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #470590fd24e32381 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/wrappers.py:217
                original_env[FOUNDRY_RESOURCE_ENV] = os.environ[FOUNDRY_RESOURCE_ENV]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12ad2281695e01b8 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/wrappers.py:219
                os.environ.pop(FOUNDRY_RESOURCE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f82075de067aab73 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/wrappers.py:223
                if proxy_var in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d239896660fa0aa4 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/wrappers.py:224
                    original_env[proxy_var] = os.environ[proxy_var]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65b7ae900df40cf8 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/wrappers.py:226
                    os.environ.pop(proxy_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #212d6645885e92b2 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/wrappers.py:406
        return options.env.get(key) or os.environ.get(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe9b6ac84158edc8 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/google_genai/__init__.py:85
        os.getenv("LAMINAR_TRACE_CONTENT") or "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d07732311a4d67f Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/groq/utils.py:21
        os.getenv(LMNR_TRACE_CONTENT) or "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fac7147ca71c17b1 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/utils.py:142
        os.getenv(LMNR_TRACE_CONTENT) or "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1650f45014ab8c4e Filesystem access.
pkgs/python/[email protected]/src/lmnr/sdk/browser/cdp_utils.py:58
with open(os.path.join(current_dir, "recorder", "record.umd.min.cjs"), "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #909b805721f53670 Filesystem access.
pkgs/python/[email protected]/src/lmnr/sdk/browser/cdp_utils.py:61
with open(os.path.join(current_dir, "inject_script.js"), "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a072ad2841de6a2 Filesystem access.
pkgs/python/[email protected]/src/lmnr/sdk/browser/pw_utils.py:129
with open(os.path.join(current_dir, "recorder", "record.umd.min.cjs"), "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7da6e949026fdd71 Filesystem access.
pkgs/python/[email protected]/src/lmnr/sdk/browser/pw_utils.py:132
with open(os.path.join(current_dir, "inject_script.js"), "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #6916c964e7c31e38 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/asynchronous/resources/browser_events.py:30
        response = await self._client.post(
            url,
            content=compressed_payload,
            headers={
                **self._headers(),
                "Content-Encoding": "gzip",
            },
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #007ee40be946f374 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/asynchronous/resources/datasets.py:78
            response = await self._client.post(
                f"{self._base_url}/v1/datasets/datapoints",
                json={
                    **identifier,
                    "datapoints": [serialize(point) for point in batch],
                    "createDataset": create_dataset,
                },
                headers=self._headers(),
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #90ec1c01fce63f1b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/asynchronous/resources/evals.py:41
        response = await self._client.post(
            self._base_url + "/v1/evals",
            json={
                "name": name,
                "groupName": group_name,
                "metadata": metadata,
            },
            headers=self._headers(),
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #876088066d1ff6ba Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/asynchronous/resources/evals.py:137
        response = await self._client.post(
            self._base_url + f"/v1/evals/{eval_id}/datapoints",
            json={
                "points": points,
                "groupName": group_name,
            },
            headers=self._headers(),
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #4f78acdb7190e187 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/asynchronous/resources/evals.py:214
        response = await self._client.post(
            self._base_url + f"/v1/evals/{eval_id}/datapoints/{datapoint_id}",
            json={
                "executorOutput": (
                    json_dumps(serialize(executor_output))[
                        :INITIAL_EVALUATION_DATAPOINT_MAX_DATA_LENGTH
                    ]
                    if executor_output is not None
                    else None
                ),
                "scores": scores,
                "traceId": str(trace_id) if trace_id is not None else None,
            },
            headers=self._headers(),
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #988b63f14b6b417c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/asynchronous/resources/evals.py:256
            response = await self._client.post(
                self._base_url + f"/v1/evals/{eval_id}/datapoints",
                json={
                    "points": points,
                    "groupName": group_name,
                },
                headers=self._headers(),
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #48e8b4c66afc6658 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/asynchronous/resources/evaluators.py:76
        response = await self._client.post(
            self._base_url + "/v1/evaluators/score",
            json=payload,
            headers=self._headers(),
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #4dac3e2a80209e09 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/asynchronous/resources/rollout_sessions.py:38
        response = await self._client.post(
            f"{self._base_url}/v1/rollouts/{session_id}",
            headers=self._headers(),
            json={"name": name},
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #b643437b9a77dc6d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/asynchronous/resources/rollout_sessions.py:76
        response = await self._client.post(
            f"{self._base_url}/v1/rollouts/{session_id}/blocks",
            headers=self._headers(),
            json={"type": type, "content": content},
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #9b115e3caf6cf879 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/asynchronous/resources/rollout_sessions.py:135
            response = await self._client.post(
                f"{self._base_url}/v1/rollouts/{session_id}/cache",
                headers=self._headers(),
                json={
                    "replayTraceId": str(replay_trace_id),
                    "cacheUntil": cache_until,
                    "inputHash": input_hash,
                },
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #336195e429567a5a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/asynchronous/resources/sql.py:41
        response = await self._client.post(
            f"{self._base_url}/v1/sql/query",
            headers=self._headers(),
            json=payload,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #7bfc5ab21d4b20a9 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/asynchronous/resources/tags.py:65
        response = await self._client.post(
            url,
            content=json.dumps(payload),
            headers={
                **self._headers(),
            },
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #0e27d205ddf4bbf8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/asynchronous/resources/traces.py:79
        response = await self._client.post(
            self._base_url + "/v1/traces/metadata",
            json={"traceId": formatted_trace_id, "metadata": metadata},
            headers=self._headers(),
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #7c79266f7831fd7e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/synchronous/resources/browser_events.py:29
        response = self._client.post(
            url,
            content=compressed_payload,
            headers={
                **self._headers(),
                "Content-Encoding": "gzip",
            },
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #a66b680e8c7be7f7 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/synchronous/resources/datasets.py:78
            response = self._client.post(
                f"{self._base_url}/v1/datasets/datapoints",
                json={
                    **identifier,
                    "datapoints": [serialize(point) for point in batch],
                    "createDataset": create_dataset,
                },
                headers=self._headers(),
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #4b9357505007fa96 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/synchronous/resources/evals.py:41
        response = self._client.post(
            self._base_url + "/v1/evals",
            json={
                "name": name,
                "groupName": group_name,
                "metadata": metadata,
            },
            headers=self._headers(),
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #a2f252614d591cce Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/synchronous/resources/evals.py:135
        response = self._client.post(
            self._base_url + f"/v1/evals/{eval_id}/datapoints",
            json={
                "points": points,
                "groupName": group_name,
            },
            headers=self._headers(),
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #e870beeac79857c8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/synchronous/resources/evals.py:170
        response = self._client.post(
            self._base_url + f"/v1/evals/{eval_id}/datapoints/{datapoint_id}",
            json={
                "executorOutput": (
                    json_dumps(serialize(executor_output))[
                        :INITIAL_EVALUATION_DATAPOINT_MAX_DATA_LENGTH
                    ]
                    if executor_output is not None
                    else None
                ),
                "scores": scores,
                "traceId": str(trace_id) if trace_id is not None else None,
            },
            headers=self._headers(),
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #166600217c7febf2 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/synchronous/resources/evals.py:253
            response = self._client.post(
                self._base_url + f"/v1/evals/{eval_id}/datapoints",
                json={
                    "points": points,
                    "groupName": group_name,
                },
                headers=self._headers(),
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #5d0fb1e33696ee86 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/synchronous/resources/evaluators.py:76
        response = self._client.post(
            self._base_url + "/v1/evaluators/score",
            json=payload,
            headers=self._headers(),
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #1d522d527bd7dedb Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/synchronous/resources/rollout_sessions.py:35
        response = self._client.post(
            f"{self._base_url}/v1/rollouts/{session_id}",
            headers=self._headers(),
            json={"name": name},
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #b192e85125f7fc9e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/synchronous/resources/rollout_sessions.py:83
        response = self._client.post(
            f"{self._base_url}/v1/rollouts/{session_id}/blocks",
            headers=self._headers(),
            json={"type": type, "content": content},
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #6417d392dcadba3f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/synchronous/resources/rollout_sessions.py:148
            response = self._client.post(
                f"{self._base_url}/v1/rollouts/{session_id}/cache",
                headers=self._headers(),
                json={
                    "replayTraceId": str(replay_trace_id),
                    "cacheUntil": cache_until,
                    "inputHash": input_hash,
                },
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #700bdb851ecb6d8f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/synchronous/resources/sql.py:41
        response = self._client.post(
            f"{self._base_url}/v1/sql/query",
            headers=self._headers(),
            json=payload,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #e27bd9504132ccf7 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/synchronous/resources/tags.py:65
        response = self._client.post(
            url,
            content=json.dumps(payload),
            headers={
                **self._headers(),
            },
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #0eef97ba2bea2055 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/synchronous/resources/traces.py:79
        response = self._client.post(
            self._base_url + "/v1/traces/metadata",
            json={"traceId": formatted_trace_id, "metadata": metadata},
            headers=self._headers(),
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #73302e7bed04751e Filesystem access.
pkgs/python/[email protected]/src/lmnr/sdk/datasets/file_utils.py:47
        result = orjson.loads(file.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ef30a94e518c450 Filesystem access.
pkgs/python/[email protected]/src/lmnr/sdk/datasets/file_utils.py:53
        return [dict(row) for row in csv.DictReader(file.read_text().splitlines())]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1c6503666ea61c1 Filesystem access.
pkgs/python/[email protected]/src/lmnr/sdk/datasets/file_utils.py:56
            orjson.loads(line) for line in file.read_text().splitlines() if line.strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fcaf4d4753486045 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/debug/config.py:140
    if not _is_truthy(os.environ.get("LMNR_DEBUG")):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b412ff48eb424c6b Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/debug/config.py:151
        os.environ.get("LMNR_DEBUG_SESSION_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea5285f50979198d Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/debug/config.py:162
        os.environ.get("LMNR_DEBUG_REPLAY_TRACE_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f0d90f88ea72a7f Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/debug/config.py:166
    cache_until_value = os.environ.get("LMNR_DEBUG_CACHE_UNTIL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44ab5bdec639653c Filesystem access.
pkgs/python/[email protected]/src/lmnr/sdk/debug/debug_session_file.py:51
        with open(path, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #483e385b017ca553 Filesystem access.
pkgs/python/[email protected]/src/lmnr/sdk/debug/debug_session_file.py:116
        with open(
            os.path.join(target_dir, DEBUG_SESSION_FILE), "w", encoding="utf-8"
        ) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0bff337fcd7fa927 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:345
        if env_metadata_str := os.getenv("LMNR_TRACE_METADATA"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d010e68075dfa520 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:352
        if not os.getenv("OTEL_ATTRIBUTE_COUNT_LIMIT"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97112f73eddf687c Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:355
            os.environ["OTEL_ATTRIBUTE_COUNT_LIMIT"] = "10000"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cff37c95b6a0ffc7 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:366
            os.environ.get("LMNR_DEBUG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97fa5e9b3d01d055 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:409
        env_context = os.getenv("LMNR_SPAN_CONTEXT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14e06a2a692c0ad0 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:524
            if not _is_truthy(os.environ.get("LMNR_DEBUG")):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0d22cc87302a269 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:561
            debugger_url = os.getenv("LMNR_FRONTEND_URL") or get_frontend_url(base_url)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef7bfeb2eb09a73c Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:705
            debugger_url = os.getenv("LMNR_FRONTEND_URL") or get_frontend_url(base_url)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29aa660da64a58e4 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/log.py:70
    if val := os.getenv("LMNR_LOG_LEVEL"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e36bccbf2d7e8765 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/utils.py:124
    if val := os.getenv(key):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #cf2469a1877dd6ee Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/version.py:23
        response = httpx.get("https://pypi.org/pypi/lmnr/json")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

posthog

python dependency
medium telemetry dependency Excluded from app score #a2661de4a0ae1bd2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:6
from posthog.args import (
    ID_TYPES as ID_TYPES,
    ExceptionArg,
    OptionalCaptureArgs,
    OptionalSetArgs,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7fab6bab0bdb76f8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:12
from posthog.capture_compression import CaptureCompression as CaptureCompression

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ec2eb30f8efc2674 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:13
from posthog.capture_mode import CaptureMode as CaptureMode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b7d1e2399de0f722 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:14
from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e4478d3babe8a6d2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:15
from posthog.exception_capture import ExceptionCapture

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6e2804f44d7a5449 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:16
from posthog.contexts import (
    identify_context as inner_identify_context,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #94afd560a489faf8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:19
from posthog.contexts import (
    new_context as inner_new_context,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #730945180ef1fb7c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:22
from posthog.contexts import (
    scoped as inner_scoped,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #eb3c3b96aad44818 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:25
from posthog.contexts import (
    set_capture_exception_code_variables_context as inner_set_capture_exception_code_variables_context,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a39d565e39025625 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:28
from posthog.contexts import (
    set_code_variables_ignore_patterns_context as inner_set_code_variables_ignore_patterns_context,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #af227eaf19ffaade Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:31
from posthog.contexts import (
    set_code_variables_mask_patterns_context as inner_set_code_variables_mask_patterns_context,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dcc4ff7bb466f96d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:34
from posthog.contexts import (
    set_code_variables_mask_url_credentials_context as inner_set_code_variables_mask_url_credentials_context,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f1b5c808e2fa62ce Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:37
from posthog.contexts import (
    set_code_variables_detect_secrets_context as inner_set_code_variables_detect_secrets_context,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d63d034911256da2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:40
from posthog.contexts import (
    set_context_device_id as inner_set_context_device_id,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f90cedde88d30ab7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:43
from posthog.contexts import (
    set_context_session as inner_set_context_session,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4698927b50398f63 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:46
from posthog.contexts import (
    tag as inner_tag,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #884a3d1002dde6b6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:49
from posthog.contexts import (
    get_tags as inner_get_tags,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #81882933cee37c3b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:52
from posthog.exception_utils import (
    DEFAULT_CODE_VARIABLES_DETECT_SECRETS,
    DEFAULT_CODE_VARIABLES_IGNORE_PATTERNS,
    DEFAULT_CODE_VARIABLES_MASK_PATTERNS,
    DEFAULT_CODE_VARIABLES_MASK_URL_CREDENTIALS,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9ef341537a3b7921 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:58
from posthog.feature_flag_evaluations import (
    FeatureFlagEvaluations as FeatureFlagEvaluations,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c27e8b37da2678fe Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:61
from posthog.feature_flags import (
    InconclusiveMatchError as InconclusiveMatchError,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ea58e473d5aca661 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:64
from posthog.feature_flags import (
    RequiresServerEvaluation as RequiresServerEvaluation,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #75537ed2a2bed315 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:67
from posthog.flag_definition_cache import (
    FlagDefinitionCacheData as FlagDefinitionCacheData,
    FlagDefinitionCacheProvider as FlagDefinitionCacheProvider,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #13bf75e7edf72233 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:71
from posthog.request import (
    disable_connection_reuse as disable_connection_reuse,
    enable_keep_alive as enable_keep_alive,
    set_socket_options as set_socket_options,
    SocketOptions as SocketOptions,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fa4dfc8050bb092c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:77
from posthog.types import (
    BeforeSendCallback as BeforeSendCallback,
    FeatureFlag as FeatureFlag,
    FlagValue as FlagValue,
    FlagsAndPayloads as FlagsAndPayloads,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #60ad39d1c5623f29 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:83
from posthog.types import (
    FeatureFlagResult as FeatureFlagResult,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0de6fafe3b07aa0e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:86
from posthog.version import VERSION

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9e7b2b1a13cd46a1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/__init__.py:1
from posthog.ai.prompts import PromptResult, PromptSource, Prompts

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ab7f8529dd2dc8e5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic.py:13
from posthog.ai.types import StreamingContentBlock, TokenUsage, ToolInProgress

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f803fe3cde77e29a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic.py:14
from posthog.ai.utils import (
    call_llm_and_track_usage,
    merge_usage_stats,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6f660f4363426a69 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic.py:18
from posthog.ai.anthropic.anthropic_converter import (
    extract_anthropic_usage_from_event,
    handle_anthropic_content_block_start,
    handle_anthropic_text_delta,
    handle_anthropic_tool_delta,
    finalize_anthropic_tool_input,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4270bc4fb28e99d5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic.py:25
from posthog.ai.sanitization import sanitize_anthropic

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d7fdf474715d00f8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic.py:26
from posthog.client import Client as PostHogClient

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fbd8a44b5e073176 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic.py:27
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #076eb17c60f4941a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic.py:244
        from posthog.ai.types import StreamingEventData

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #99158027a8ef98ca Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic.py:245
        from posthog.ai.anthropic.anthropic_converter import (
            format_anthropic_streaming_input,
            format_anthropic_streaming_output_complete,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dc11df10fda55361 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic.py:249
        from posthog.ai.utils import capture_streaming_event

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4de1b1f70ac72759 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_async.py:13
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #57514cfe0c4c4a1e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_async.py:14
from posthog.ai.stream import AsyncStreamWrapper

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e60f701449da30b9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_async.py:15
from posthog.ai.types import StreamingContentBlock, TokenUsage, ToolInProgress

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4f83d02c79560bcc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_async.py:16
from posthog.ai.utils import (
    call_llm_and_track_usage_async,
    merge_usage_stats,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #df6e633e8e82a623 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_async.py:20
from posthog.ai.anthropic.anthropic_converter import (
    extract_anthropic_usage_from_event,
    handle_anthropic_content_block_start,
    handle_anthropic_text_delta,
    handle_anthropic_tool_delta,
    finalize_anthropic_tool_input,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9b44e2fe52c1e9f7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_async.py:27
from posthog.ai.sanitization import sanitize_anthropic

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0d860884861e0d6c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_async.py:28
from posthog.client import Client as PostHogClient

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2e957b321daa0bc9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_async.py:245
        from posthog.ai.types import StreamingEventData

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #840c94fab19db2c9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_async.py:246
        from posthog.ai.anthropic.anthropic_converter import (
            format_anthropic_streaming_input,
            format_anthropic_streaming_output_complete,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1d69e438f6eaf62c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_async.py:250
        from posthog.ai.utils import capture_streaming_event

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #044f1c512fd66e48 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_converter.py:11
from posthog.ai.types import (
    FormattedContentItem,
    FormattedFunctionCall,
    FormattedMessage,
    FormattedTextContent,
    StreamingContentBlock,
    TokenUsage,
    ToolInProgress,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5a3308105d9979d1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_converter.py:20
from posthog.ai.utils import serialize_raw_usage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #82e4e3375734af5f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_converter.py:435
    from posthog.ai.utils import merge_system_prompt

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e12c8a0c187c9cff Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_providers.py:10
from posthog.ai.anthropic.anthropic import WrappedMessages

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #95ff5f003c195505 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_providers.py:11
from posthog.ai.anthropic.anthropic_async import AsyncWrappedMessages

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #50e8968bcc6a6e7b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_providers.py:12
from posthog.client import Client as PostHogClient

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #95fb4bf0dd975391 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_providers.py:13
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a3dfd619d31e6ba7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/claude_agent_sdk/__init__.py:9
    from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #36196753b8c1187d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/claude_agent_sdk/__init__.py:18
from posthog.ai.claude_agent_sdk.client import PostHogClaudeSDKClient

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c031fee0ede20beb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/claude_agent_sdk/__init__.py:19
from posthog.ai.claude_agent_sdk.processor import PostHogClaudeAgentProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3fb3f2fdbffa47c3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/claude_agent_sdk/client.py:26
from posthog.ai.claude_agent_sdk.processor import (
    PostHogClaudeAgentProcessor,
    _GenerationTracker,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #953e4999572b408d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/claude_agent_sdk/client.py:30
from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #923c6ddd9aecd439 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/claude_agent_sdk/processor.py:27
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a718ad969299f6f7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/claude_agent_sdk/processor.py:28
from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #09812000a39b632a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini.py:6
from posthog.ai.types import TokenUsage, StreamingEventData

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #80938fcc69129fe2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini.py:7
from posthog.ai.utils import merge_system_prompt

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3a010040db417e0e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini.py:16
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2743cad7308d76a6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini.py:17
from posthog.ai.utils import (
    call_llm_and_track_usage,
    capture_streaming_event,
    merge_usage_stats,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #16147c7d3275c835 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini.py:22
from posthog.ai.gemini.gemini_converter import (
    extract_gemini_embedding_token_count,
    extract_gemini_usage_from_chunk,
    extract_gemini_content_from_chunk,
    extract_gemini_stop_reason_from_chunk,
    format_gemini_streaming_output,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #40d144198a32a225 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini.py:29
from posthog.ai.utils import with_privacy_mode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #39503a524f949631 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini.py:30
from posthog.ai.sanitization import sanitize_gemini

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #62107982835b2e4e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini.py:31
from posthog.client import Client as PostHogClient

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6d91099f31f2e484 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_async.py:6
from posthog.ai.stream import AsyncStreamWrapper

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cafb512a9c664e24 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_async.py:7
from posthog.ai.types import TokenUsage, StreamingEventData

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ea80a06a762b92a3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_async.py:8
from posthog.ai.utils import merge_system_prompt

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fe5e02dba921f289 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_async.py:17
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ccb7db4e8f588f8a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_async.py:18
from posthog.ai.utils import (
    call_llm_and_track_usage_async,
    capture_streaming_event,
    merge_usage_stats,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #97c1c4c1cae8021a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_async.py:23
from posthog.ai.gemini.gemini_converter import (
    extract_gemini_embedding_token_count,
    extract_gemini_usage_from_chunk,
    extract_gemini_content_from_chunk,
    extract_gemini_stop_reason_from_chunk,
    format_gemini_streaming_output,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d96c1a3364a2174c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_async.py:30
from posthog.ai.utils import with_privacy_mode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #76e5da0a27d66c89 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_async.py:31
from posthog.ai.sanitization import sanitize_gemini

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bca26ea0d56c2dc0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_async.py:32
from posthog.client import Client as PostHogClient

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bc6e4df7b340d332 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_converter.py:10
from posthog.ai.types import (
    FormattedContentItem,
    FormattedMessage,
    TokenUsage,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9d87b03144a05c1a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_converter.py:15
from posthog.ai.utils import serialize_raw_usage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c550462ff7874fba Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_converter.py:370
            from posthog.ai.types import FormattedMessage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8452e8de2857e18c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/langchain/callbacks.py:44
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c1938c54dbacf76b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/langchain/callbacks.py:45
from posthog.ai.gateway import warn_if_posthog_ai_gateway

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #662e699cadb84f71 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/langchain/callbacks.py:46
from posthog.ai.sanitization import sanitize_langchain

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7e9482942390ea86 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/langchain/callbacks.py:47
from posthog.ai.utils import get_model_params, with_privacy_mode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2badcfe259b3ed92 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/langchain/callbacks.py:48
from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9e88b69de24bddb2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:5
from posthog.ai.types import TokenUsage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0610340c3096e898 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:14
from posthog.ai.utils import (
    call_llm_and_track_usage,
    extract_available_tool_calls,
    merge_usage_stats,
    with_privacy_mode,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #48c31341b232f80d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:20
from posthog.ai.openai.openai_converter import (
    extract_openai_usage_from_chunk,
    extract_openai_content_from_chunk,
    extract_openai_tool_calls_from_chunk,
    accumulate_openai_tool_calls,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #09c4854e0262429f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:26
from posthog.ai.sanitization import sanitize_openai, sanitize_openai_response

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2c154eb88c3a9907 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:27
from posthog.client import Client as PostHogClient

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #03c85742b7d30a77 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:28
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a071ce1a3df0b4cf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:29
from posthog.ai.openai.wrapper_utils import _OpenAIWrapperResource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7ae9e55d4099f974 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:238
        from posthog.ai.types import StreamingEventData

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #10f74a100c5515e2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:239
        from posthog.ai.openai.openai_converter import (
            format_openai_streaming_input,
            format_openai_streaming_output,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9d13e4e042a64012 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:243
        from posthog.ai.utils import capture_streaming_event

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cdae1211d266e293 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:507
        from posthog.ai.types import StreamingEventData

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0d2071f4ac47764c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:508
        from posthog.ai.openai.openai_converter import (
            format_openai_streaming_input,
            format_openai_streaming_output,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #57f3cd7c3c897369 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:512
        from posthog.ai.utils import capture_streaming_event

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6082eff8ff98bd96 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_async.py:5
from posthog.ai.stream import AsyncStreamWrapper

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #51357904940fed73 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_async.py:6
from posthog.ai.types import TokenUsage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b702d0c9473c60b2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_async.py:15
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #18b2d49bfbfa6b76 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_async.py:16
from posthog.ai.utils import (
    call_llm_and_track_usage_async,
    extract_available_tool_calls,
    get_model_params,
    merge_usage_stats,
    with_privacy_mode,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #492dbb17192bdf5e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_async.py:23
from posthog.ai.openai.openai_converter import (
    extract_openai_usage_from_chunk,
    extract_openai_content_from_chunk,
    extract_openai_tool_calls_from_chunk,
    accumulate_openai_tool_calls,
    format_openai_streaming_output,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f472dc80f6d0df05 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_async.py:30
from posthog.ai.sanitization import sanitize_openai, sanitize_openai_response

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5968e70b5aae8eb2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_async.py:31
from posthog.client import Client as PostHogClient

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #73e068a409f79287 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_async.py:32
from posthog.ai.openai.wrapper_utils import _OpenAIWrapperResource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c6e1d80c9b6759c4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_converter.py:11
from posthog.ai.types import (
    FormattedContentItem,
    FormattedFunctionCall,
    FormattedImageContent,
    FormattedMessage,
    FormattedTextContent,
    TokenUsage,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #26e71ca3ececb704 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_converter.py:19
from posthog.ai.utils import serialize_raw_usage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f48f9c71c6c506b4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_converter.py:769
    from posthog.ai.utils import merge_system_prompt

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1747bf5cfbdc383f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_providers.py:8
from posthog.ai.openai.openai import (
    WrappedBeta,
    WrappedChat,
    WrappedEmbeddings,
    WrappedResponses,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3142cdf782f961e9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_providers.py:14
from posthog.ai.openai.openai_async import WrappedBeta as AsyncWrappedBeta

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #424188f822400c46 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_providers.py:15
from posthog.ai.openai.openai_async import WrappedChat as AsyncWrappedChat

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #71e41276c76b13d6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_providers.py:16
from posthog.ai.openai.openai_async import WrappedEmbeddings as AsyncWrappedEmbeddings

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e7fcbd370fb05d97 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_providers.py:17
from posthog.ai.openai.openai_async import WrappedResponses as AsyncWrappedResponses

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4668388bb61fd673 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_providers.py:20
from posthog.client import Client as PostHogClient

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c7883fca24625b9d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_providers.py:21
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ae9dcacff96cf5de Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai_agents/__init__.py:8
    from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #72fa21636f77dfbf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai_agents/__init__.py:17
from posthog.ai.openai_agents.processor import PostHogTracingProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9537e0dbddfc429c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai_agents/processor.py:23
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #708c64f7f8367dfc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai_agents/processor.py:24
from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #caa3cb8253398ea4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/otel/__init__.py:29
from posthog.ai.otel.exporter import PostHogTraceExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #27f38db017af0971 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/otel/__init__.py:30
from posthog.ai.otel.processor import PostHogSpanProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9b8cbcf5d8edd02a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/otel/__init__.py:31
from posthog.ai.otel.spans import is_ai_span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ff2e349c92653d19 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/otel/exporter.py:10
from opentelemetry.sdk.trace import ReadableSpan

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #133313a1f31cd48f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/otel/exporter.py:11
from opentelemetry.sdk.trace.export import SpanExporter, SpanExportResult

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f357044017a88626 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/otel/exporter.py:12
from opentelemetry.exporter.otlp.proto.http.trace_exporter import OTLPSpanExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7a2a7b7945e9e5b5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/otel/processor.py:10
from opentelemetry.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2c6420a4eabbd96a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/otel/processor.py:11
from opentelemetry.sdk.trace import ReadableSpan, Span, SpanProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c325d46e4c0dc0ef Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/otel/processor.py:12
from opentelemetry.sdk.trace.export import BatchSpanProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #129cd4fa3719923a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/otel/processor.py:13
from opentelemetry.exporter.otlp.proto.http.trace_exporter import OTLPSpanExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c7bc336ecf74b75e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/otel/spans.py:6
    from opentelemetry.sdk.trace import ReadableSpan

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4ccb438349e16170 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/prompts.py:15
from posthog.request import USER_AGENT, _get_session

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9f5201f9f5bc9aae Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/prompts.py:16
from posthog.utils import remove_trailing_slash

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ad76bff953f4e91b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:5
from posthog import get_tags, identify_context, new_context, tag, contexts

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #28997cfbbc1de4f1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:6
from posthog.ai.gateway import warn_if_posthog_ai_gateway

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #50da37f6334c0fa8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:7
from posthog.ai.sanitization import (
    sanitize_anthropic,
    sanitize_gemini,
    sanitize_langchain,
    sanitize_openai,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e2b7da1681c78768 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:13
from posthog.ai.types import FormattedMessage, StreamingEventData, TokenUsage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #563c8045ad12d088 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:14
from posthog.client import Client as PostHogClient

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9749cd6a381831ac Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:197
        from posthog.ai.anthropic.anthropic_converter import (
            extract_anthropic_usage_from_response,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fcddc1375b467526 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:203
        from posthog.ai.openai.openai_converter import (
            extract_openai_usage_from_response,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c160cc9b6f2959eb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:209
        from posthog.ai.gemini.gemini_converter import (
            extract_gemini_usage_from_response,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #19756bdf5a2b6168 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:223
        from posthog.ai.anthropic.anthropic_converter import format_anthropic_response

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cd861237f543e4bf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:227
        from posthog.ai.openai.openai_converter import format_openai_response

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4df2315050837cf2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:231
        from posthog.ai.gemini.gemini_converter import format_gemini_response

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cb780634548614db Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:240
        from posthog.ai.openai.openai_converter import extract_openai_stop_reason

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #abdcd3f085deab12 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:244
        from posthog.ai.anthropic.anthropic_converter import (
            extract_anthropic_stop_reason,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bedce6ee57bb4b6b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:250
        from posthog.ai.gemini.gemini_converter import extract_gemini_stop_reason

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d59c5d673f3b43fa Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:261
        from posthog.ai.anthropic.anthropic_converter import extract_anthropic_tools

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cbf1038a4b0fbc61 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:265
        from posthog.ai.gemini.gemini_converter import extract_gemini_tools

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #95e03e0d42ff40f9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:269
        from posthog.ai.openai.openai_converter import extract_openai_tools

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cb84be7c9f80fe7e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:282
        from posthog.ai.anthropic.anthropic_converter import format_anthropic_input

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #faea11a9ee4f9c34 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:288
        from posthog.ai.gemini.gemini_converter import format_gemini_input_with_system

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #34f5cfad1621ebdc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:294
        from posthog.ai.openai.openai_converter import format_openai_input

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #81f7388f895233e2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/args.py:8
from posthog.types import SendFeatureFlagsOptions

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6b4caea12f35d8cd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/args.py:11
    from posthog.feature_flag_evaluations import FeatureFlagEvaluations

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #81c7e5a065a610ad Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/capture_v1.py:48
from posthog.capture_compression import CaptureCompression, _zstandard

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #59e494b97c86354e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/capture_v1.py:49
from posthog.request import (
    DatetimeSerializer,
    USER_AGENT,
    APIError,
    _get_session,
    normalize_host,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dbf3b324095219f9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/capture_v1.py:56
from posthog.utils import guess_timezone as _guess_timezone, remove_trailing_slash

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ec89564df4d251f9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:17
from posthog._async_utils import _BackgroundEventLoopRunner

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #252d89ab0b4e3443 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:18
from posthog.args import ID_TYPES, ExceptionArg, OptionalCaptureArgs, OptionalSetArgs

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dfd7c8174fcb4620 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:19
from posthog.metrics_capture import PostHogMetrics

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #abef3fc8891c782b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:20
from posthog.capture_compression import (
    CaptureCompression,
    _resolve_capture_compression,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #36c75a5ca63c9d3e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:24
from posthog.capture_mode import CaptureMode, _resolve_capture_mode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fca575f3c5938b89 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:25
from posthog.capture_v1 import _send_v1_batch

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fcb4ab346cba37a3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:26
from posthog.consumer import Consumer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e65e3cba19822209 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:27
from posthog.contexts import (
    _get_current_context,
    get_capture_exception_code_variables_context,
    get_code_variables_detect_secrets_context,
    get_code_variables_ignore_patterns_context,
    get_code_variables_mask_patterns_context,
    get_code_variables_mask_url_credentials_context,
    get_context_device_id,
    get_context_distinct_id,
    get_context_session_id,
    get_tags as _context_get_tags,
    identify_context as _context_identify_context,
    _scoped as _context_scoped,
    new_context,
    set_context_device_id as _context_set_context_device_id,
    set_context_session as _context_set_context_session,
    tag as _context_tag,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9d9f1f7e598d9e36 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:45
from posthog.exception_capture import ExceptionCapture

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7646e0ba2fbc9a8a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:46
from posthog._logging import _configure_posthog_logging

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f535bc9001504183 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:47
from posthog.exception_utils import (
    DEFAULT_CODE_VARIABLES_DETECT_SECRETS,
    DEFAULT_CODE_VARIABLES_IGNORE_PATTERNS,
    DEFAULT_CODE_VARIABLES_MASK_PATTERNS,
    DEFAULT_CODE_VARIABLES_MASK_URL_CREDENTIALS,
    exc_info_from_error,
    exception_is_already_captured,
    exceptions_from_error_tuple,
    _get_current_otel_span_properties,
    handle_in_app,
    mark_exception_as_captured,
    try_attach_code_variables_to_frames,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8736b0f3de4d0ba2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:60
from posthog.feature_flag_evaluations import (
    FeatureFlagEvaluations,
    _EvaluatedFlagRecord,
    _FeatureFlagEvaluationsHost,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #704e8f33dbb4ffbf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:65
from posthog.feature_flags import (
    InconclusiveMatchError,
    RequiresServerEvaluation,
    match_feature_flag_properties,
    resolve_bucketing_value,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2eb92716772e3e91 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:71
from posthog.flag_definition_cache import (
    FlagDefinitionCacheData,
    FlagDefinitionCacheProvider,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8d376f793c940a8f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:75
from posthog.poller import Poller

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ff2bd375f298851a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:76
from posthog.request import (
    AI_EVENTS_ENDPOINT,
    EVENTS_ENDPOINT,
    APIError,
    QuotaLimitError,
    RequestsConnectionError,
    RequestsTimeout,
    batch_post,
    determine_server_host,
    flags,
    get,
    is_ai_event,
    normalize_host,
    remote_config,
    reset_sessions,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4e9fcf4d818e3850 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:92
from posthog.types import (
    FeatureFlag,
    FeatureFlagError,
    FeatureFlagResult,
    FlagMetadata,
    FlagsAndPayloads,
    FlagsResponse,
    FlagValue,
    SendFeatureFlagsOptions,
    normalize_flags_response,
    to_flags_and_payloads,
    to_payloads,
    to_values,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #52a65c9a42cfb777 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:106
from posthog.utils import (
    FlagCache,
    RedisFlagCache,
    SizeLimitedDict,
    clean,
    guess_timezone,
    system_context,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4987196ae1754730 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:114
from posthog.version import VERSION

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #06597545a02f33eb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/consumer.py:7
from posthog._logging import _configure_posthog_logging

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #32badf7af35d0c4b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/consumer.py:8
from posthog.capture_compression import CaptureCompression

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #59d20d4da5573f1f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/consumer.py:9
from posthog.capture_mode import CaptureMode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fdf66ca4953cc4ea Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/consumer.py:10
from posthog.capture_v1 import _send_v1_batch

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8d1df73ae462add0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/consumer.py:11
from posthog.request import (
    AI_EVENTS_ENDPOINT,
    EVENTS_ENDPOINT,
    APIError,
    DatetimeSerializer,
    batch_post,
    is_ai_event,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #47459a7a6dab58a2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/contexts.py:7
    from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #13d00df5dc4cadbe Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/exception_capture.py:12
from posthog.bucketed_rate_limiter import BucketedRateLimiter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7972118f22bdcfb6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/exception_capture.py:13
from posthog.exception_utils import walk_exception_chain

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0254b90403b1bb0f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/exception_capture.py:16
    from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #08883868bd885a6f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/exception_utils.py:37
from posthog.args import ExceptionArg, ExcInfo  # noqa: F401

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3d108b9722afbc9c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/exception_utils.py:103
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4c82a9ff86d5d4bf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/feature_flag_evaluations.py:11
from posthog.types import FlagValue

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5ba6a1477ce651e0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/feature_flags.py:10
from posthog import utils

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2dd92dfd3487525b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/feature_flags.py:11
from posthog.types import FlagValue

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ecb1423b16b82017 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/feature_flags.py:12
from posthog.utils import convert_to_datetime_aware, is_valid_regex

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #10a0af65a9d05030 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/integrations/celery.py:468
            from posthog import capture

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #181860767c27a786 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/integrations/celery.py:470
            capture(event, properties=properties)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #91cec4dc93416f42 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/integrations/celery.py:476
            from posthog import capture_exception

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ce9f09d4da3ea4ed Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/integrations/django.py:368
            from posthog import capture_exception

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #30485f691d9b906f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/mcp/__init__.py:29
from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cc351f39cba73372 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/mcp/__init__.py:126
        from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #406e556d1c4d3a2d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/mcp/_exceptions.py:15
from posthog.exception_utils import exceptions_from_error_tuple

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bf9a9ed619e554c7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/mcp/_sink.py:20
from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #490ec7b2e4d83f36 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/mcp/posthog_mcp.py:17
from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3a21dd0268dd9356 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/metrics_capture.py:33
from posthog.request import _get_session

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e3c36a1b08d33765 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/metrics_capture.py:34
from posthog.utils import remove_trailing_slash

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cf104549e0148ab3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/metrics_capture.py:35
from posthog.version import VERSION

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2e1a05cb18fddc0f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/request.py:18
from posthog._logging import _configure_posthog_logging

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f997c53fd544412f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/request.py:19
from posthog.utils import remove_trailing_slash

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2222044512492401 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/request.py:20
from posthog.version import VERSION

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 8 low-confidence finding(s)
low env_fs dependency Excluded from app score #51b50a5f01da02a0 Environment-variable access.
pkgs/python/[email protected]/posthog/ai/gemini/gemini.py:190
                api_key = os.environ.get("GOOGLE_API_KEY") or os.environ.get("API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a7f9f7d2a80ee182 Environment-variable access.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_async.py:191
                api_key = os.environ.get("GOOGLE_API_KEY") or os.environ.get("API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5437530b1470b89 Environment-variable access.
pkgs/python/[email protected]/posthog/ai/sanitization.py:11
    return os.environ.get("_INTERNAL_LLMA_MULTIMODAL", "").lower() in (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67972d060a4073cb Environment-variable access.
pkgs/python/[email protected]/posthog/capture_compression.py:105
    raw = os.environ.get(CAPTURE_COMPRESSION_ENV_VAR)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f97c85cdb8ba405a Environment-variable access.
pkgs/python/[email protected]/posthog/capture_mode.py:70
    raw = os.environ.get(CAPTURE_MODE_ENV_VAR)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #401231faf70712cd Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/posthog/capture_v1.py:381
    return (session or _get_session()).post(
        url, data=body, headers=headers, timeout=timeout
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #a6abfece84ace377 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/posthog/metrics_capture.py:515
            response = _get_session().post(
                url,
                data=body,
                headers={
                    "Content-Type": "application/json",
                    "Content-Encoding": "gzip",
                },
                timeout=timeout,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #ff8343e47217d90e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/posthog/request.py:246
    res = (session or _get_session()).post(
        url, data=data, headers=headers, timeout=timeout
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

opentelemetry-api

python dependency
medium telemetry dependency Excluded from app score #9e759d14a8b6063c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_events/__init__.py:22
from opentelemetry._logs import LogRecord

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bb4567190f8b5217 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_events/__init__.py:23
from opentelemetry._logs.severity import SeverityNumber

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c6bcd4bc931e3b18 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_events/__init__.py:24
from opentelemetry.environment_variables import (
    _OTEL_PYTHON_EVENT_LOGGER_PROVIDER,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #351e2abdade75ca9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_events/__init__.py:27
from opentelemetry.trace.span import TraceFlags

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4ebb906302f7a73d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_events/__init__.py:28
from opentelemetry.util._once import Once

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #727d02762e119ea3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_events/__init__.py:29
from opentelemetry.util._providers import _load_provider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4d6330e7280c2430 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_events/__init__.py:30
from opentelemetry.util.types import AnyValue, _ExtendedAttributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a80aed8f62534383 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_logs/__init__.py:36
from opentelemetry._logs._internal import (
    Logger,
    LoggerProvider,
    LogRecord,
    NoOpLogger,
    NoOpLoggerProvider,
    get_logger,
    get_logger_provider,
    set_logger_provider,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #74f19d7dbe8aab77 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_logs/__init__.py:46
from opentelemetry._logs.severity import SeverityNumber

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5762c9c56a75b65f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_logs/_internal/__init__.py:46
from opentelemetry._logs.severity import SeverityNumber

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #860f74623798f640 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_logs/_internal/__init__.py:47
from opentelemetry.context import get_current

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b8df90fb15ff6338 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_logs/_internal/__init__.py:48
from opentelemetry.context.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c82fc1f00fd1c446 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_logs/_internal/__init__.py:49
from opentelemetry.environment_variables import _OTEL_PYTHON_LOGGER_PROVIDER

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3e668f383c58ca0e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_logs/_internal/__init__.py:50
from opentelemetry.trace import get_current_span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7c880a0b95890b21 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_logs/_internal/__init__.py:51
from opentelemetry.trace.span import TraceFlags

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5247594b9e496b2c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_logs/_internal/__init__.py:52
from opentelemetry.util._once import Once

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #284f4d1afcc87e95 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_logs/_internal/__init__.py:53
from opentelemetry.util._providers import _load_provider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2e9c73f88230d581 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_logs/_internal/__init__.py:54
from opentelemetry.util.types import AnyValue, _ExtendedAttributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bf61f47a9ce5e7fd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/attributes/__init__.py:21
from opentelemetry.util import types

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7765157726f84e9c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/baggage/__init__.py:20
from opentelemetry.context import create_key, get_value, set_value

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cb0a12041a7785f9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/baggage/__init__.py:21
from opentelemetry.context.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c0afa673264c3c4d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/baggage/__init__.py:22
from opentelemetry.util.re import (
    _BAGGAGE_PROPERTY_FORMAT,
    _KEY_FORMAT,
    _VALUE_FORMAT,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2965d23a348434c6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/baggage/propagation/__init__.py:20
from opentelemetry.baggage import _is_valid_pair, get_all, set_baggage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cb6f54898d559b71 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/baggage/propagation/__init__.py:21
from opentelemetry.context import get_current

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #409df9a130f3f6eb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/baggage/propagation/__init__.py:22
from opentelemetry.context.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9a8ca5654ba7f2d4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/baggage/propagation/__init__.py:23
from opentelemetry.propagators import textmap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #52a41eaafb9ca772 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/baggage/propagation/__init__.py:24
from opentelemetry.util.re import _DELIMITER_PATTERN

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #39dd3db3a28be841 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/context/__init__.py:24
from opentelemetry.context.context import Context, _RuntimeContext  # noqa

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #40a8fbed829ab5c8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/context/__init__.py:25
from opentelemetry.environment_variables import OTEL_PYTHON_CONTEXT

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1aa48aec63efaaf3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/context/__init__.py:26
from opentelemetry.util._importlib_metadata import entry_points

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f3c3636eb9db9562 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/context/contextvars_context.py:19
from opentelemetry.context.context import Context, _RuntimeContext

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4be9a42dacd8ba15 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/__init__.py:42
from opentelemetry.metrics._internal import (
    Meter,
    MeterProvider,
    NoOpMeter,
    NoOpMeterProvider,
    get_meter,
    get_meter_provider,
    set_meter_provider,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7ef5b11f754b03e5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/__init__.py:51
from opentelemetry.metrics._internal.instrument import (
    Asynchronous,
    CallbackOptions,
    CallbackT,
    Counter,
    Histogram,
    Instrument,
    NoOpCounter,
    NoOpHistogram,
    NoOpObservableCounter,
    NoOpObservableGauge,
    NoOpObservableUpDownCounter,
    NoOpUpDownCounter,
    ObservableCounter,
    ObservableGauge,
    ObservableUpDownCounter,
    Synchronous,
    UpDownCounter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b9b87f1844716d6c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/__init__.py:70
from opentelemetry.metrics._internal.instrument import Gauge as _Gauge

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #88ab1bce175ff223 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/__init__.py:71
from opentelemetry.metrics._internal.instrument import NoOpGauge as _NoOpGauge

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e1b98b89dee0a126 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/__init__.py:72
from opentelemetry.metrics._internal.observation import Observation

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d88b2c7adac3d4e4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/_internal/__init__.py:51
from opentelemetry.environment_variables import OTEL_PYTHON_METER_PROVIDER

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1cfcff56fe6b9432 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/_internal/__init__.py:52
from opentelemetry.metrics._internal.instrument import (
    CallbackT,
    Counter,
    Gauge,
    Histogram,
    NoOpCounter,
    NoOpGauge,
    NoOpHistogram,
    NoOpObservableCounter,
    NoOpObservableGauge,
    NoOpObservableUpDownCounter,
    NoOpUpDownCounter,
    ObservableCounter,
    ObservableGauge,
    ObservableUpDownCounter,
    UpDownCounter,
    _MetricsHistogramAdvisory,
    _ProxyCounter,
    _ProxyGauge,
    _ProxyHistogram,
    _ProxyObservableCounter,
    _ProxyObservableGauge,
    _ProxyObservableUpDownCounter,
    _ProxyUpDownCounter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0917af4af09342bf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/_internal/__init__.py:77
from opentelemetry.util._once import Once

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c56bf821f7eb79ae Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/_internal/__init__.py:78
from opentelemetry.util._providers import _load_provider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #09d7af824376ea77 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/_internal/__init__.py:79
from opentelemetry.util.types import (
    Attributes,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b681a237118875ca Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/_internal/instrument.py:35
from opentelemetry import metrics

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e12572cb31891d0f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/_internal/instrument.py:36
from opentelemetry.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #508aab30ff7e1e20 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/_internal/instrument.py:37
from opentelemetry.metrics._internal.observation import Observation

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #37a6fb1751c607bd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/_internal/instrument.py:38
from opentelemetry.util.types import (
    Attributes,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6fd1e3a5e9e22b81 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/_internal/observation.py:17
from opentelemetry.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2672332bfac35f21 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/_internal/observation.py:18
from opentelemetry.util.types import Attributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e4487c5ff301507f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/propagate/__init__.py:75
from opentelemetry.context.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c8c3c5275f3d1336 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/propagate/__init__.py:76
from opentelemetry.environment_variables import OTEL_PROPAGATORS

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7a08168b200372eb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/propagate/__init__.py:77
from opentelemetry.propagators import composite, textmap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6f23ec5f5821308f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/propagate/__init__.py:78
from opentelemetry.util._importlib_metadata import entry_points

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f5a5ebad5488742d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/propagators/composite.py:19
from opentelemetry.context.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0ac961734e3466bb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/propagators/composite.py:20
from opentelemetry.propagators import textmap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dbb197f69516fbfc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/propagators/textmap.py:18
from opentelemetry.context.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7edc261e4354ddb5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/__init__.py:85
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #198608b3095c26ef Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/__init__.py:86
from opentelemetry.attributes import BoundedAttributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9b3962e6e286abf0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/__init__.py:87
from opentelemetry.context.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5b188663adc2a039 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/__init__.py:88
from opentelemetry.environment_variables import OTEL_PYTHON_TRACER_PROVIDER

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a42ed0ac39544fa4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/__init__.py:89
from opentelemetry.trace.propagation import (
    _SPAN_KEY,
    get_current_span,
    set_span_in_context,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #77594723048a2f55 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/__init__.py:94
from opentelemetry.trace.span import (
    DEFAULT_TRACE_OPTIONS,
    DEFAULT_TRACE_STATE,
    INVALID_SPAN,
    INVALID_SPAN_CONTEXT,
    INVALID_SPAN_ID,
    INVALID_TRACE_ID,
    NonRecordingSpan,
    Span,
    SpanContext,
    TraceFlags,
    TraceState,
    format_span_id,
    format_trace_id,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #df0c1e6b4fdf26ea Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/__init__.py:109
from opentelemetry.trace.status import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e28d306e49bb1881 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/__init__.py:110
from opentelemetry.util import types

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #695e14b32af93135 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/__init__.py:111
from opentelemetry.util._decorator import _agnosticcontextmanager

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #56b5050a3c0ffe63 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/__init__.py:112
from opentelemetry.util._once import Once

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5420e0df99bb0b59 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/__init__.py:113
from opentelemetry.util._providers import _load_provider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #74cddf32116103f6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/propagation/__init__.py:16
from opentelemetry.context import create_key, get_value, set_value

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cbc474627b25419d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/propagation/__init__.py:17
from opentelemetry.context.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1b9ef57a8953372b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/propagation/__init__.py:18
from opentelemetry.trace.span import INVALID_SPAN, Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e795aa8e7f49fe5c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/propagation/tracecontext.py:18
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #13aaad3808d7a895 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/propagation/tracecontext.py:19
from opentelemetry.context.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d55479b3f78170f3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/propagation/tracecontext.py:20
from opentelemetry.propagators import textmap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #222ee8d6adb8379a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/propagation/tracecontext.py:21
from opentelemetry.trace import format_span_id, format_trace_id

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f6c6f53598642e4f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/propagation/tracecontext.py:22
from opentelemetry.trace.span import TraceState

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #754e48c7a2606819 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/span.py:8
from opentelemetry.trace.status import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3c6b15fcee11fe5b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/span.py:9
from opentelemetry.util import types

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a4e33d5f1f99e0a7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/util/_providers.py:19
from opentelemetry.util._importlib_metadata import entry_points

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bacb96617e139649 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/util/_providers.py:22
    from opentelemetry.metrics import MeterProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #535bf544bc264977 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/util/_providers.py:23
    from opentelemetry.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 8 low-confidence finding(s)
low env_fs dependency Excluded from app score #3d8e0b1f33f75e1b Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/_events/__init__.py:211
        if _OTEL_PYTHON_EVENT_LOGGER_PROVIDER not in environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35aa0e107079a01f Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/_logs/_internal/__init__.py:395
        if _OTEL_PYTHON_LOGGER_PROVIDER not in environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47427dc6c306dd20 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/context/__init__.py:43
    configured_context = environ.get(OTEL_PYTHON_CONTEXT, default_context)  # type: str

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4a081d06bfee1a2 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/metrics/_internal/__init__.py:880
        if OTEL_PYTHON_METER_PROVIDER not in environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #469c7966db3ea295 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/propagate/__init__.py:127
environ_propagators = environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67d646c9f0f9be0c Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/propagate/__init__.py:127
environ_propagators = environ.get(
    OTEL_PROPAGATORS,
    "tracecontext,baggage",
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #46647fe18c723c63 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/trace/__init__.py:554
        if OTEL_PYTHON_TRACER_PROVIDER not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad5cda0c8643c7f5 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/util/_providers.py:36
            environ.get(provider_environment_variable, f"default_{provider}"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

google-cloud-aiplatform

python dependency
medium pii_flow dependency Excluded from app score #c5868a0c2a25ec27 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/python/[email protected]/agentplatform/_genai/_agent_engines_utils.py:1848 · flow /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/agentplatform/_genai/_agent_engines_utils.py:1851 → /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/agentplatform/_genai/_agent_engines_utils.py:1848
            httpx_client=httpx.AsyncClient(
                headers={
                    "Authorization": (
                        f"Bearer {self.api_client._api_client._credentials.token}"
                    )
                },
                timeout=(
                    self.api_client._api_client._http_options.timeout / 1000.0
                    if self.api_client._api_client._http_options.timeout
                    else None
                ),
            ),

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium telemetry dependency Excluded from app score #d4dad8914ab00ef9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/_genai/_agent_engines_utils.py:2191
        import opentelemetry

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b34e83b5d116d9a8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/_genai/_agent_engines_utils.py:2205
        import opentelemetry.sdk.trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6af58b0c61919525 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/_genai/_agent_engines_utils.py:2233
        import opentelemetry.exporter.cloud_trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium pii_flow dependency Excluded from app score #811d229435b7ceff A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/python/[email protected]/agentplatform/agent_engines/_agent_engines.py:1800 · flow /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/agentplatform/agent_engines/_agent_engines.py:1803 → /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/agentplatform/agent_engines/_agent_engines.py:1800
            httpx_client=httpx.AsyncClient(
                headers={
                    "Authorization": (
                        f"Bearer {initializer.global_config.credentials.token}"
                    )
                }
            ),

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium telemetry dependency Excluded from app score #cb4a7afad5a54391 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:106
        from opentelemetry.sdk import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6a5ddfcd9e4a673f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:284
        import opentelemetry.trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ccb757ae4e05af69 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:285
        import opentelemetry._logs

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #67057024054e6563 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:293
        import opentelemetry.sdk.trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3323ece4f2aba0bb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:294
        import opentelemetry.sdk._logs

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a29504c90e772710 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:371
        import opentelemetry

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #774d79ce93231db1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:372
        import opentelemetry.trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7648b95b0b327215 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:373
        import opentelemetry._logs

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7dd93ca1b2644481 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:380
        import opentelemetry.sdk.resources

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #62849136568957b4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:381
        import opentelemetry.sdk.trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #adde9d19a403b35e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:382
        import opentelemetry.sdk.trace.export

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #09f80b39756fa68b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:383
        import opentelemetry.sdk._logs

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dbc7fcbaa17efef0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:384
        import opentelemetry.sdk._logs.export

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #509f979609036004 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:417
            import opentelemetry.exporter.otlp.proto.http.version

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9da7e4a3e107e854 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:418
            import opentelemetry.exporter.otlp.proto.http.trace_exporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2545679ebc37d355 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:494
            import opentelemetry.exporter.cloud_logging

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9db009b96a66becc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:546
        from opentelemetry.instrumentation import google_genai

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #187a208ce4446848 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/ag2.py:37
        from opentelemetry.sdk import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #43c7e6c36eb60557 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/langchain.py:54
        from opentelemetry.sdk import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a9373ab05741df5c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/langgraph.py:49
        from opentelemetry.sdk import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d00be966b9e4d095 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/llama_index.py:42
        from opentelemetry.sdk import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium pii_flow dependency Excluded from app score #a754c6231570f940 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/python/[email protected]/vertexai/_genai/_agent_engines_utils.py:1842 · flow /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/vertexai/_genai/_agent_engines_utils.py:1845 → /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/vertexai/_genai/_agent_engines_utils.py:1842
            httpx_client=httpx.AsyncClient(
                headers={
                    "Authorization": (
                        f"Bearer {self.api_client._api_client._credentials.token}"
                    )
                },
                timeout=(
                    self.api_client._api_client._http_options.timeout / 1000.0
                    if self.api_client._api_client._http_options.timeout
                    else None
                ),
            ),

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow dependency Excluded from app score #94a7d1e99500b010 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/python/[email protected]/vertexai/_genai/_agent_engines_utils.py:1957 · flow /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/vertexai/_genai/_agent_engines_utils.py:1960 → /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/vertexai/_genai/_agent_engines_utils.py:1957
            httpx_client=httpx.AsyncClient(
                headers={
                    "Authorization": (
                        f"Bearer {self.api_client._api_client._credentials.token}"
                    )
                },
                timeout=(
                    self.api_client._api_client._http_options.timeout / 1000.0
                    if self.api_client._api_client._http_options.timeout
                    else None
                ),
            ),

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow dependency Excluded from app score #05120d71790c3429 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/python/[email protected]/vertexai/agent_engines/_agent_engines.py:1791 · flow /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/vertexai/agent_engines/_agent_engines.py:1794 → /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/vertexai/agent_engines/_agent_engines.py:1791
            httpx_client=httpx.AsyncClient(
                headers={
                    "Authorization": (
                        f"Bearer {initializer.global_config.credentials.token}"
                    )
                }
            ),

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium telemetry dependency Excluded from app score #1e37f5ea196e8906 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/_utils.py:712
        import opentelemetry  # noqa:F401

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #72b1ffe69f279486 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/_utils.py:726
        import opentelemetry.sdk.trace  # noqa:F401

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8bab8a34b026888e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/_utils.py:754
        import opentelemetry.exporter.cloud_trace  # noqa:F401

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f1a1591dd321f7eb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:90
        from opentelemetry.sdk import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c8b592081df2bc7b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:268
        import opentelemetry.trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f97e6d11b3146b93 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:269
        import opentelemetry._logs

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #790373b5e54e0cf6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:277
        import opentelemetry.sdk.trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #35a55bf0c7378155 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:278
        import opentelemetry.sdk._logs

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #45bdbbd5834bf05a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:355
        import opentelemetry

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f99dc6ea16256202 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:356
        import opentelemetry.trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ef5fa71ec4be1335 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:357
        import opentelemetry._logs

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b80e606afc82d36a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:364
        import opentelemetry.sdk.resources

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3558285c3b92dd27 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:365
        import opentelemetry.sdk.trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b15ed79b27321bd4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:366
        import opentelemetry.sdk.trace.export

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8f31e11b028791bf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:367
        import opentelemetry.sdk._logs

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ac87cb5a4757f19c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:368
        import opentelemetry.sdk._logs.export

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8ade13cfc53f1c89 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:401
            import opentelemetry.exporter.otlp.proto.http.version

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #db1ff2c589a8f6c9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:402
            import opentelemetry.exporter.otlp.proto.http.trace_exporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #31a17f4ba019b3a9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:478
            import opentelemetry.exporter.cloud_logging

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3d71b15d1dfee27f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:530
        from opentelemetry.instrumentation import google_genai

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #99adea64b8be52fc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/ag2.py:37
        from opentelemetry.sdk import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #49552703248934ef Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/langchain.py:54
        from opentelemetry.sdk import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6473fe022b7bef6a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/langgraph.py:49
        from opentelemetry.sdk import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c4749e41c79b001d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:91
        from opentelemetry.sdk import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #83c43317266882f5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:329
        import opentelemetry.trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1344846308ee1ebc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:330
        import opentelemetry._logs

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7cb6e7a15cb4cbf0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:338
        import opentelemetry.sdk.trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #eef41f5cf0c05d1a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:339
        import opentelemetry.sdk._logs

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2548ce0ad56e24df Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:416
        import opentelemetry

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #271e89d1f424d61a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:417
        import opentelemetry.trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d32e9a2b5a47eea3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:418
        import opentelemetry._logs

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ca1c9e262eb90e3d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:425
        import opentelemetry.sdk.resources

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4217b1fe150cffa7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:426
        import opentelemetry.sdk.trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #12e3211f758d442e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:427
        import opentelemetry.sdk.trace.export

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5d5e35e75cba9432 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:428
        import opentelemetry.sdk._logs

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a5cf523f22bf7ac3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:429
        import opentelemetry.sdk._logs.export

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8db3e23064166611 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:462
            import opentelemetry.exporter.otlp.proto.http.version

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5831a01e3bdf9a28 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:463
            import opentelemetry.exporter.otlp.proto.http.trace_exporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bc62e0b04b17914f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:539
            import opentelemetry.exporter.cloud_logging

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5a231628c1bccce2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:591
        from opentelemetry.instrumentation import google_genai

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d4b8f5c776a6c5fe Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/ag2.py:37
        from opentelemetry.sdk import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #75033891abed56d4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/langchain.py:54
        from opentelemetry.sdk import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d260a6e8cf332978 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/langgraph.py:57
        from opentelemetry.sdk import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b0631d27c1127068 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/llama_index.py:42
        from opentelemetry.sdk import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9b33f11a7e7c6f11 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/reasoning_engines/_utils.py:365
        import opentelemetry  # noqa:F401

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cd3ef567bd5d160f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/reasoning_engines/_utils.py:379
        import opentelemetry.sdk.trace  # noqa:F401

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7b64d5a7f10ea7e7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/reasoning_engines/_utils.py:407
        import opentelemetry.exporter.cloud_trace  # noqa:F401

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 776 low-confidence finding(s)
low env_fs dependency Excluded from app score #c7d11d083a7f5027 Filesystem access.
pkgs/python/[email protected]/agentplatform/_genai/_agent_engines_utils.py:1463
            with open(requirements) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #b632f29d8240dc16 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/_evals_common.py:913
        agent_resp = api_client.request("get", f"agents/{agent_short_id}", {}, None)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #6be78f230b9657ae Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/_evals_common.py:953
        response = self._api_client.request("post", "interactions", request_dict)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #69de57104462feae Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/_evals_common.py:957
        response = self._api_client.request("get", f"interactions/{interaction_id}", {})

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #8f0353286a4a3955 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/_evals_common.py:1300
            response = api_client.request("get", path, {}, None)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #40d187ac6ed46645 Environment-variable access.
pkgs/python/[email protected]/agentplatform/_genai/_evals_common.py:3022
    original_location = os.environ.get("GOOGLE_CLOUD_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #328dd7898ff91ebd Environment-variable access.
pkgs/python/[email protected]/agentplatform/_genai/_evals_common.py:3044
                os.environ["GOOGLE_CLOUD_LOCATION"] = "global"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b82ac15aff19d98 Environment-variable access.
pkgs/python/[email protected]/agentplatform/_genai/_evals_common.py:3073
                del os.environ["GOOGLE_CLOUD_LOCATION"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #abfccc6fabcc7e31 Environment-variable access.
pkgs/python/[email protected]/agentplatform/_genai/_evals_common.py:3075
                os.environ["GOOGLE_CLOUD_LOCATION"] = original_location

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #7c480d9d6261ad65 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/_evals_utils.py:923
        response = api_client.request("get", operation.name, {}, None)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #dd740818ed50daae Filesystem access.
pkgs/python/[email protected]/agentplatform/_genai/_skills_utils.py:46
                with open(file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #66afa8430534f846 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/a2a_task_events.py:162
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #7c8c8429a267a3d4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/a2a_task_events.py:251
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #2983c046a1c03ac1 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/a2a_tasks.py:198
        self._api_client.request("delete", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #e3402b325e653d2c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/a2a_tasks.py:256
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #04048a42b67d53c8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/a2a_tasks.py:340
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f19a17e8cb12f366 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/a2a_tasks.py:428
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #59af49355e305bfc Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/agent_engines.py:814
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f4f85a1d70f5a83a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/agent_engines.py:888
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #e5e04268d63872b7 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/agent_engines.py:965
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #bcbcaf02eb21c2d1 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/agent_engines.py:1038
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #abf2ca610213c887 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/agent_engines.py:1130
        response = self._api_client.request("delete", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #59bdaf584ed9a05b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/agent_engines.py:1199
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #4660d75882362fec Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/agent_engines.py:1270
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #662399ce31956cc4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/agent_engines.py:1341
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #0d6fccbf3eb1aa07 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/agent_engines.py:1413
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f54db59dddfdbc98 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/agent_engines.py:1484
        response = self._api_client.request("patch", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #404d1f8d55da34a7 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/agent_engines.py:1631
        raw_response = self._api_client.request("get", name, {})

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #7179c3b75f0b9885 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/datasets.py:298
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #e1439a49d239ab32 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/datasets.py:390
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #283d682076ff4080 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/datasets.py:472
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #ee1f79ab82fe8d17 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/datasets.py:543
        response = self._api_client.request("delete", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #5c638dfc0b6decb4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/datasets.py:615
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #435688c45d921e16 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/datasets.py:693
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #e39337395478af58 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/datasets.py:763
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #165736e5cb2c2399 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/datasets.py:843
        response = self._api_client.request("patch", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #b47f5dec21f326ee Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/evals.py:1064
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #928158356b936b48 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/evals.py:1140
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #233bc6ad0edbd8ff Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/evals.py:1229
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #6cac685995be7afd Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/evals.py:1306
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #95df249b2f000760 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/evals.py:1378
        response = self._api_client.request("delete", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #928a7728c2a6a888 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/evals.py:1482
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #93e8fa938a20964f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/evals.py:1564
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #c7d4389e0d92b4d6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/evals.py:1642
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f0666604b29bb472 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/evals.py:1722
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #dd77459483aca222 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/evals.py:1794
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #1c9dc560d58cef36 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/evals.py:1866
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #90975ffb1caed2fb Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/evals.py:1938
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #4bd29ff19ff8f94d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/evals.py:2007
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #1d5f51afe61b472f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/evals.py:2075
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #4685adbc32c1cb7e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/evals.py:2353
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #615ae0484ff5d485 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/feedback_contexts.py:155
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #fe0dd7a81feaa442 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/feedback_contexts.py:225
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #6d50182b0a759d19 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/feedback_contexts.py:301
        response = self._api_client.request("patch", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #949a8771b58d250e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/feedback_entries.py:271
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #139af71519066de1 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/feedback_entries.py:341
        response = self._api_client.request("delete", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #b0aa1b093967e562 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/feedback_entries.py:425
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #d171599d2892589d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/feedback_entries.py:495
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #78557c9e20520b89 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/feedback_entries.py:579
        response = self._api_client.request("patch", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #4db704a9c11dd8ec Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/feedback_entries.py:649
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #d117718f7ed2b34a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/feedback_entries.py:719
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #87b837da571f78b8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/memories.py:619
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #7869204d46217685 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/memories.py:701
        response = self._api_client.request("delete", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f13e26e5239d75e8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/memories.py:789
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #5a6ad2a0d29e5fc1 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/memories.py:869
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #50a417e02512643d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/memories.py:953
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #5b1a437148b4c5e5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/memories.py:1027
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f2aad25f34a125c9 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/memories.py:1097
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #84694bd04435d0db Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/memories.py:1167
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #6fa33a4218f6b16b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/memories.py:1251
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #c6288da5ebd03c82 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/memories.py:1353
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #c57a34d458282957 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/memories.py:1429
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #b253224ee14c5bed Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/memories.py:1507
        response = self._api_client.request("patch", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #e3c6b310814a8fec Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/memories.py:1589
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #75329c339da306c3 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/memory_revisions.py:140
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #a8ac72f1d4b91df0 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/memory_revisions.py:224
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #9464d8fbb4f6ec2c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/model_garden.py:207
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #8d85978865a00213 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/model_garden.py:278
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #c28934666833c2a0 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/model_garden.py:352
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #9e7741d7edbc459a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/prompt_optimizer.py:251
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #24b5e6fbf03f1cbe Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/prompt_optimizer.py:323
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #43e4cc79dce3acae Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/prompt_optimizer.py:395
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #0c1f6476220a8808 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/prompt_optimizer.py:586
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #81e937d82ff341f5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/prompts.py:512
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #d4ee32c1073027e8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/prompts.py:592
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #a70860e02927da54 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/prompts.py:664
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #c64161bba9f7f271 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/prompts.py:740
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #ef8510673dda548f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/prompts.py:816
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #d0d72dbb1bc840b8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/prompts.py:884
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #fde7e732b184a4e5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/prompts.py:962
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #99fdd867049fedd5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/prompts.py:1027
        response = self._api_client.request("delete", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #28060197b66d9ac7 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/prompts.py:1101
        response = self._api_client.request("delete", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #9c36ae6fd2563879 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/prompts.py:1177
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #d2395cb0ff97f413 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/prompts.py:1261
        response = self._api_client.request("patch", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #ef357ded50803304 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/prompts.py:1333
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #884d8a94904a19ca Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/prompts.py:1405
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #236f64fd7883fd18 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/prompts.py:1480
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #70974854f38d4551 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/prompts.py:2305
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #e2fc0ad50864e7b4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/rag.py:1699
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #b2cdf05990d53f9f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/rag.py:1771
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #2ceffc8374b0d8be Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/rag.py:1839
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #421fe94de48093ba Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/rag.py:1919
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #5e0812a1d96c04da Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/rag.py:1997
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #5228c7e7ddf24b7e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/rag.py:2077
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #20c4f42ef9a11461 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/rag.py:2154
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #65afa39f8c5d5777 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/rag.py:2229
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f6ce349d95df2d2d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/rag.py:2306
        response = self._api_client.request("patch", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #22f6ae4135742d37 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/rag.py:2378
        response = self._api_client.request("delete", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #d36ce552ee076f81 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/rag.py:2447
        response = self._api_client.request("delete", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #d3759f6e5bb3f75f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/rag.py:2519
        response = self._api_client.request("patch", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #106f7ba94523dafc Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/rag.py:2604
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #b64c70abdf768b7e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/rag.py:2672
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #834168c7747bb6a7 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/rag.py:2746
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #6fce4e6e0f525df5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/rag.py:2814
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #b99685b5edaf611d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/rag.py:2886
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #2b73c2ed38d5887f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/rag.py:3189
        response = self._api_client.request(
            "post",
            request_path,
            request_dict,
            http_options,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #fa1bb8f2c03391f8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/runtime_revisions.py:189
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #3fefd9837ca9e1c7 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/runtime_revisions.py:273
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #8ba63038fa1809ce Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/runtime_revisions.py:359
        response = self._api_client.request("delete", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #5a042de30e053d65 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/runtime_revisions.py:433
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #700073201bfd46e1 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/runtime_revisions.py:507
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #92716c4390403bf1 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/sandbox_snapshots.py:206
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #cab4440416cb20a1 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/sandbox_snapshots.py:281
        response = self._api_client.request("delete", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #c906afe96303733f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/sandbox_snapshots.py:356
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #b17921b57fa7ae3d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/sandbox_snapshots.py:431
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #c55dda3b98a18a30 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/sandbox_snapshots.py:501
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f2171d9ba9e0398f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/sandbox_templates.py:217
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #63810ee01724c7ad Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/sandbox_templates.py:299
        response = self._api_client.request("delete", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #6d653c8705e54742 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/sandbox_templates.py:385
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #48953c9f054e0a65 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/sandbox_templates.py:467
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f5043c42200ba11e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/sandbox_templates.py:537
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #c8520872f0eec6f6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/sandboxes.py:232
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #534e8913297bab7b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/sandboxes.py:312
        response = self._api_client.request("delete", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #c08b7a1010f338e7 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/sandboxes.py:388
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #cfe591da17bcaf4d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/sandboxes.py:468
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #8c3c890b975ffeda Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/sandboxes.py:552
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #632b870385210bac Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/sandboxes.py:622
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #1c3edf3c9fa38206 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/sandboxes.py:966
        response = http_client._api_client.request(http_method, path, request_dict)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #d52ab9d679652215 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/session_events.py:191
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #baaee35494bf1db5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/session_events.py:275
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #2834c075d0c3f82f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/sessions.py:273
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #947bafa4141915ee Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/sessions.py:357
        response = self._api_client.request("delete", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #8d0f320eeb917099 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/sessions.py:441
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #b4df0f7dd3610b50 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/sessions.py:525
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #0f68a6fc9e4fd377 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/sessions.py:595
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #ca9b3257dd7f180a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/sessions.py:679
        response = self._api_client.request("patch", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #03d40deb7a3c55aa Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/skill_revisions.py:126
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #4df532f2a4978cc3 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/skill_revisions.py:200
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #d1956b677f4b0d91 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/skills.py:268
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #4e235e9c4e4fb0e9 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/skills.py:337
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #2735ac8485305c5b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/skills.py:413
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #3adecbc8563629f0 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/skills.py:482
        response = self._api_client.request("patch", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #e90f2ecf7bdec0c9 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/skills.py:546
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #d2f918e223e308c0 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/skills.py:615
        response = self._api_client.request("delete", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #6c7d69529ce7a1c1 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/_genai/skills.py:683
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #b6fa10a0e13af118 Filesystem access.
pkgs/python/[email protected]/agentplatform/_genai/types/common.py:1956
        with open(file_path, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64752c7472e512d3 Filesystem access.
pkgs/python/[email protected]/agentplatform/_genai/types/common.py:2063
                with open(config_path, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #793861bfff7774e8 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/_agent_engines.py:1133
        if GOOGLE_CLOUD_AGENT_ENGINE_ENABLE_TELEMETRY not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68f1278c75f003ad Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/_agent_engines.py:1134
            os.environ[GOOGLE_CLOUD_AGENT_ENGINE_ENABLE_TELEMETRY] = "unspecified"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4207f15fa51b78ae Filesystem access.
pkgs/python/[email protected]/agentplatform/agent_engines/_agent_engines.py:1158
            with open(requirements) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7c5101bd2f1aba4 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/_agent_engines.py:1372
        if env_var not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #310ad8731d1788ed Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/_agent_engines.py:1375
            aip_types.EnvVar(name=env_var, value=os.environ[env_var])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0b12ee441e18003 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/a2a.py:320
        os.environ["GOOGLE_GENAI_USE_VERTEXAI"] = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79717812de466485 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/a2a.py:322
        os.environ["GOOGLE_CLOUD_PROJECT"] = project

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c82c7fbeadd5731 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/a2a.py:324
        os.environ["GOOGLE_CLOUD_LOCATION"] = location

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d65cabfc3c35e7a Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/a2a.py:325
        agent_engine_id = os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_ID", "test-agent-engine")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d81b4d3e09cb8d42 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:362
        location = os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_LOCATION", "") or os.getenv(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff1a26afeabbc17a Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:362
        location = os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_LOCATION", "") or os.getenv(
            "GOOGLE_CLOUD_LOCATION", ""
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d126d75ca618d2f1 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:365
        agent_engine_id = os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #616a3c2d65454e5a Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:401
            "service.name": os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_ID", ""),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc27d714603cdd68 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:404
                os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_LOCATION", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30655d9c22dcf25f Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:405
                or os.getenv("GOOGLE_CLOUD_LOCATION", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b517fc9136db356e Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:517
        if "gen_ai_latest_experimental" in os.getenv(
            "OTEL_SEMCONV_STABILITY_OPT_IN", ""
        ).split(","):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a68cc208d5cbdf8 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:524
                        default_log_name=os.getenv(
                            "GCP_DEFAULT_LOG_NAME", "adk-on-agent-engine"
                        ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b11a73b0aab82c82 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:535
                        default_log_name=os.getenv(
                            "GCP_DEFAULT_LOG_NAME", "adk-on-agent-engine"
                        ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #14dc3b199e4f95b3 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:614
    r = session.post(endpoint, data=None)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #a1d796fb6b48f888 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:628
    use_mtls_endpoint_str = os.getenv(
        "GOOGLE_API_USE_MTLS_ENDPOINT", _MtlsEndpoint.AUTO.value
    ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7ca4e786cba22cd Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:666
        use_client_cert_str = os.getenv(
            "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
        ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02e1b9f0b150cf25 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:779
                initializer.global_config.api_key or os.environ.get("GOOGLE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #697509e8186f94eb Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:949
        os.environ["GOOGLE_GENAI_USE_VERTEXAI"] = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #807baf231b59b1ea Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:952
            os.environ["GOOGLE_CLOUD_PROJECT"] = project

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #837bd4c0df46b1ae Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:955
            if "GOOGLE_CLOUD_AGENT_ENGINE_LOCATION" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a249f491940e79c7 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:956
                os.environ["GOOGLE_CLOUD_AGENT_ENGINE_LOCATION"] = location

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca48aa79bcd8644e Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:957
            if "GOOGLE_CLOUD_LOCATION" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #27636c912fa08a99 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:958
                os.environ["GOOGLE_CLOUD_LOCATION"] = location

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a66ca43c0dc5a11 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:959
        agent_engine_location = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7960f4b2f80f2c5c Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:959
        agent_engine_location = os.environ.get(
            "GOOGLE_CLOUD_AGENT_ENGINE_LOCATION",  # the runtime env var (if set)
            location,  # the location set in the AdkApp template
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1e0af9d050e7449 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:965
            os.environ["GOOGLE_API_KEY"] = express_mode_api_key

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #40b0663e60a1c218 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:967
            os.environ.pop("GOOGLE_CLOUD_AGENT_ENGINE_LOCATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9dff454a371eb64f Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:968
            os.environ.pop("GOOGLE_CLOUD_LOCATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03047393d911b86f Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:969
            os.environ.pop("GOOGLE_CLOUD_PROJECT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba03f7ec4f562e4b Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:976
            os.environ["ADK_CAPTURE_MESSAGE_CONTENT_IN_SPANS"] = "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55ee7281783e645a Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:978
            os.environ["ADK_CAPTURE_MESSAGE_CONTENT_IN_SPANS"] = "false"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #06d30504d49a6831 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:1024
            if "GOOGLE_CLOUD_AGENT_ENGINE_ID" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c1d8f802d05c6d8 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:1025
                self._tmpl_attrs["app_name"] = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f22222530ac2e14b Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:1025
                self._tmpl_attrs["app_name"] = os.environ.get(
                    "GOOGLE_CLOUD_AGENT_ENGINE_ID",
                )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6928973fb137e9dc Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:1040
        elif "GOOGLE_CLOUD_AGENT_ENGINE_ID" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1fe9ccdada76a3df Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:1051
                    agent_engine_id=os.environ.get("GOOGLE_CLOUD_AGENT_ENGINE_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #192e0081cba44650 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:1063
                    agent_engine_id=os.environ.get("GOOGLE_CLOUD_AGENT_ENGINE_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d79ffda649189e25 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:1072
        elif "GOOGLE_CLOUD_AGENT_ENGINE_ID" in os.environ and is_version_sufficient(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #212ab813e91378bf Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:1085
                    agent_engine_id=os.environ.get("GOOGLE_CLOUD_AGENT_ENGINE_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8e33112bc496f54 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:1097
                    agent_engine_id=os.environ.get("GOOGLE_CLOUD_AGENT_ENGINE_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #203f78e411157359 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:2106
        env_value = os.getenv(
            GOOGLE_CLOUD_AGENT_ENGINE_ENABLE_TELEMETRY, "unspecified"
        ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e23441222617efd9 Filesystem access.
pkgs/python/[email protected]/agentplatform/preview/rag/rag_data.py:449
        "file": open(path, "rb"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3539c15f1369fcd3 Filesystem access.
pkgs/python/[email protected]/agentplatform/rag/rag_data.py:427
        "file": open(path, "rb"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14693f4c9bff30f1 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/docker_utils/run.py:52
    return os.environ.get(_ADC_ENVIRONMENT_VARIABLE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #041e22a139e0bdb6 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/explain/lit.py:219
        if os.environ.get("LIT_PROXY_URL"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c7e2104fccb73d4 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/initializer.py:92
            project_number = os.environ.get("GOOGLE_CLOUD_PROJECT") or os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #27a2543fef5d0b72 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/initializer.py:92
            project_number = os.environ.get("GOOGLE_CLOUD_PROJECT") or os.environ.get(
                "CLOUD_ML_PROJECT_ID"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54ab51e998d8abaf Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/initializer.py:379
        location = os.getenv("GOOGLE_CLOUD_REGION") or os.getenv("CLOUD_ML_REGION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #afe28ff353a0e678 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/initializer.py:429
        vertex_product = os.getenv("VERTEX_PRODUCT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f1d4882c6d169a4 Filesystem access.
pkgs/python/[email protected]/google/cloud/aiplatform/jobs.py:2147
                with open(autolog_script_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #250e067c39b1a88b Filesystem access.
pkgs/python/[email protected]/google/cloud/aiplatform/jobs.py:2157
                    trainer_script = open(script_path, "r").read()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52c4ae1c3e184298 Filesystem access.
pkgs/python/[email protected]/google/cloud/aiplatform/metadata/_models.py:60
    with open(path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d365b806c0068f5 Filesystem access.
pkgs/python/[email protected]/google/cloud/aiplatform/metadata/_models.py:156
    with open(model_file, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #93bd4e0f94bd8956 Filesystem access.
pkgs/python/[email protected]/google/cloud/aiplatform/metadata/_models.py:340
    with open(example_file, "w") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29be81915042f796 Filesystem access.
pkgs/python/[email protected]/google/cloud/aiplatform/metadata/_models.py:895
            with open(destination_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #239bf4de8367f89b Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/metadata/metadata.py:267
        if os.getenv(constants.ENV_EXPERIMENT_KEY):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a359a4c6149d3410 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/metadata/metadata.py:269
                os.getenv(constants.ENV_EXPERIMENT_KEY)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d299bf9397bf0ee7 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/metadata/metadata.py:280
        env_experiment_run = os.getenv(constants.ENV_EXPERIMENT_RUN_KEY)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #66f45dc9e23dc7be Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/local_endpoint.py:392
                response = requests.post(url, data=request, headers=headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #870e4db4ffd80404 Filesystem access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/local_endpoint.py:396
                with open(request_file) as data:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #c11874a9c9842322 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/local_endpoint.py:397
                    response = requests.post(url, data=data, headers=headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #ff7050f218de0126 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:61
        if "HANDLER_MODULE" not in os.environ or "HANDLER_CLASS" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96a1e01d67dfd1d8 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:66
        handler_module = importlib.import_module(os.environ.get("HANDLER_MODULE"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7a0c4a0f0c73810 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:67
        handler_class = getattr(handler_module, os.environ.get("HANDLER_CLASS"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b5fee9e2ffddf7f Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:73
        if "PREDICTOR_MODULE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #444f31b988d4e117 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:75
                os.environ.get("PREDICTOR_MODULE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #261695c0ea3d8529 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:78
                predictor_module, os.environ.get("PREDICTOR_CLASS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b633d324fbc94f52 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:82
            os.environ.get("AIP_STORAGE_URI"), predictor=predictor_class

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9e1fff03ab83795 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:85
        if "AIP_HTTP_PORT" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09ddf8e5189a1298 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:90
            "AIP_HEALTH_ROUTE" not in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f2818f821349bc5e Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:91
            or "AIP_PREDICT_ROUTE" not in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca9a20992295a599 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:97
        self.http_port = int(os.environ.get("AIP_HTTP_PORT"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f8f47383a3df3ca Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:98
        self.health_route = os.environ.get("AIP_HEALTH_ROUTE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c041823f08d320cd Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:99
        self.predict_route = os.environ.get("AIP_PREDICT_ROUTE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c74dbd6ec5dff44 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:183
    workers_per_core_str = os.getenv("VERTEX_CPR_WORKERS_PER_CORE", "1")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30780307b77b7882 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:184
    max_workers_str = os.getenv("VERTEX_CPR_MAX_WORKERS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b4e446edc2804750 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:188
    web_concurrency_str = os.getenv("VERTEX_CPR_WEB_CONCURRENCY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #032e735b824149d5 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:198
    os.environ["WEB_CONCURRENCY"] = web_concurrency_str

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #46d94e3177ba245c Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:200
        f'Set the number of model server workers to {os.environ["WEB_CONCURRENCY"]}.'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ecfb8c842896eb0d Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:209
        port=int(os.environ.get("AIP_HTTP_PORT")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af7e41c4da2478c9 Filesystem access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/sklearn/predictor.py:86
            self._model = pickle.load(open(prediction.MODEL_FILENAME_PKL, "rb"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4bccfc5372d905ac Filesystem access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/xgboost/predictor.py:104
            booster = pickle.load(open(prediction.MODEL_FILENAME_PKL, "rb"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98141336e281b9bf Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/training_utils/environment_variables.py:36
    env = os.environ.get(env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b995e4e482db085 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/training_utils/environment_variables.py:44
training_data_uri = os.environ.get("AIP_TRAINING_DATA_URI")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d54801d7f3100984 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/training_utils/environment_variables.py:47
validation_data_uri = os.environ.get("AIP_VALIDATION_DATA_URI")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0dd3d482bfe960cf Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/training_utils/environment_variables.py:50
test_data_uri = os.environ.get("AIP_TEST_DATA_URI")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8980dcd81edec6d Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/training_utils/environment_variables.py:53
model_dir = os.environ.get("AIP_MODEL_DIR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #101f69c24b22cd6c Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/training_utils/environment_variables.py:56
checkpoint_dir = os.environ.get("AIP_CHECKPOINT_DIR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dab4a7fd8603d31e Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/training_utils/environment_variables.py:59
tensorboard_log_dir = os.environ.get("AIP_TENSORBOARD_LOG_DIR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8bb78d8bbe0800ca Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/training_utils/environment_variables.py:68
tf_profiler_port = os.environ.get("AIP_TF_PROFILER_PORT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3da0ee8407e7cd6 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/training_utils/environment_variables.py:71
tensorboard_api_uri = os.environ.get("AIP_TENSORBOARD_API_URI")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77a5e658a5e08bd7 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/training_utils/environment_variables.py:75
tensorboard_resource_name = os.environ.get("AIP_TENSORBOARD_RESOURCE_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98cc4e2269ca18c9 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/training_utils/environment_variables.py:78
cloud_ml_job_id = os.environ.get("CLOUD_ML_JOB_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #927f7bab8ef7bcc3 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/training_utils/environment_variables.py:81
http_handler_port = os.environ.get("AIP_HTTP_HANDLER_PORT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a85af999906ae53 Filesystem access.
pkgs/python/[email protected]/google/cloud/aiplatform/utils/yaml_utils.py:117
    with open(file_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9aec24de5cf5ef2a Filesystem access.
pkgs/python/[email protected]/google/cloud/aiplatform/vertex_ray/bigquery_datasink.py:119
                        with open(fp, "rb") as source_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08e62bff55c29b5b Filesystem access.
pkgs/python/[email protected]/google/cloud/aiplatform/vertex_ray/predict/sklearn/register.py:160
        with open(model_path, mode="rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #36fbebd7528c2eb3 Filesystem access.
pkgs/python/[email protected]/google/cloud/aiplatform/vertex_ray/predict/sklearn/register.py:167
                with open(f"{temp_dir}/{model_file_name}", mode="rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42810c53440f78d4 Filesystem access.
pkgs/python/[email protected]/google/cloud/aiplatform/vertex_ray/render.py:26
        with open(pathlib.Path(__file__).parent / "templates" / file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b28d46505ff4fe2 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/data_foundry_service/client.py:193
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc5c27060e7544ba Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/data_foundry_service/client.py:369
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d77ca55a8a0fd28 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/data_foundry_service/client.py:410
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5936f3fe1cea22a8 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/data_foundry_service/client.py:411
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2637b256ba7805e3 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/dataset_service/client.py:210
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c85aa55f028d62e3 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/dataset_service/client.py:530
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee416cc6bbd46211 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/dataset_service/client.py:571
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ec2d0e84ab7dcca Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/dataset_service/client.py:572
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a540f9700d058740 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/deployment_resource_pool_service/client.py:211
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #190d0877055b5a82 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/deployment_resource_pool_service/client.py:477
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #125b9ed7cb683b27 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/deployment_resource_pool_service/client.py:520
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #900e23b831ceacfe Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/deployment_resource_pool_service/client.py:521
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5be63986d35fab5f Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/endpoint_service/client.py:202
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #843267b9b9cbd488 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/endpoint_service/client.py:507
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e887aae1adab1f58 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/endpoint_service/client.py:548
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #295c385510b25a1e Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/endpoint_service/client.py:549
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #865de037b06a3dfa Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/evaluation_service/client.py:191
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28518e6158e3ed54 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/evaluation_service/client.py:367
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58bfb3c7cb0b8828 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/evaluation_service/client.py:408
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6882d026e3f0ee68 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/evaluation_service/client.py:409
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b594a153c727bc7 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/feature_online_store_admin_service/client.py:223
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1482546f3c8edb3 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/feature_online_store_admin_service/client.py:471
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f13852ca8febef1 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/feature_online_store_admin_service/client.py:514
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02fd78699f87bac8 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/feature_online_store_admin_service/client.py:515
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1ab04db989f9830 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/feature_online_store_service/client.py:198
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e11de96efce27188 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/feature_online_store_service/client.py:398
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #636a614cdf2f498b Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/feature_online_store_service/client.py:439
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af6a1bdf3ee1982c Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/feature_online_store_service/client.py:440
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c77a826fe67fb6e6 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/feature_registry_service/client.py:205
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f148f0a23006b7a Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/feature_registry_service/client.py:429
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37323f5b2f8db2b3 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/feature_registry_service/client.py:470
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #058113280b0bef2a Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/feature_registry_service/client.py:471
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a904a5e032a9a6f4 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/featurestore_online_serving_service/client.py:205
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f67b7af781e09709 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/featurestore_online_serving_service/client.py:407
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c87ed7526b1cf08 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/featurestore_online_serving_service/client.py:450
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bac1aa28202a5c22 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/featurestore_online_serving_service/client.py:451
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8112cb9b24cefb8d Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/featurestore_service/client.py:208
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b59e8f3cfef321f2 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/featurestore_service/client.py:456
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ede641ebc183358 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/featurestore_service/client.py:497
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b78d729688d02cad Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/featurestore_service/client.py:498
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c286dfd2ec00a6db Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/gen_ai_cache_service/client.py:200
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #771ac441613b15e7 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/gen_ai_cache_service/client.py:420
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c1ac04d9b132447 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/gen_ai_cache_service/client.py:461
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e408a8b2898a1b3 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/gen_ai_cache_service/client.py:462
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8d8e5a977415443 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/gen_ai_tuning_service/client.py:200
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c61a7dc79d64d311 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/gen_ai_tuning_service/client.py:488
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e2e30d39c6ec60d Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/gen_ai_tuning_service/client.py:529
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb8f18fa6a7a4035 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/gen_ai_tuning_service/client.py:530
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce8d269976780e95 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/index_endpoint_service/client.py:202
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #679e6ce59e5668b9 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/index_endpoint_service/client.py:444
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09396dae6c514852 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/index_endpoint_service/client.py:485
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1fb9e0d2e3b29c0a Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/index_endpoint_service/client.py:486
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f2faa384096edcdc Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/index_service/client.py:203
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e4e24a9bd8976eb Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/index_service/client.py:423
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54d251466f3a14f7 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/index_service/client.py:464
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17519e17a5b1d2fa Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/index_service/client.py:465
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2fe3418d5bc7219 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/job_service/client.py:228
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3734ab886d436f8 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/job_service/client.py:803
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b908ddc8e5f84208 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/job_service/client.py:844
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82a0a824267b8910 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/job_service/client.py:845
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab61852aefa9ce56 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/llm_utility_service/client.py:194
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43d478e921076576 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/llm_utility_service/client.py:414
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f90c776d5ea03995 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/llm_utility_service/client.py:455
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #881bee6b1879a0ba Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/llm_utility_service/client.py:456
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #148bc31cbc171180 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/match_service/client.py:192
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a65e396b706cfde4 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/match_service/client.py:390
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df484f1fed45d0fb Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/match_service/client.py:431
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6b1daee6548a46b Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/match_service/client.py:432
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c0e6ff0bf2a2773 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/metadata_service/client.py:212
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f29c17b284134ec3 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/metadata_service/client.py:506
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a59958c4faeffa71 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/metadata_service/client.py:547
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9291fd9f7fce4542 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/metadata_service/client.py:548
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e682e6f89aeecdfb Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/migration_service/client.py:197
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c028f7935efc0cb Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/migration_service/client.py:522
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0014656e229a78c0 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/migration_service/client.py:563
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #973702978ce4375b Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/migration_service/client.py:564
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #471488641b305ae8 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/model_garden_service/client.py:195
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e36d341661c2ab14 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/model_garden_service/client.py:454
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7182157695bf8005 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/model_garden_service/client.py:495
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #153301ba2711c58d Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/model_garden_service/client.py:496
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73a4ffdebec8e960 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/model_service/client.py:206
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91935c53c481ed69 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/model_service/client.py:520
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d35c7fdc192d2d04 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/model_service/client.py:561
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42803531a9081473 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/model_service/client.py:562
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab3d6d6e20b6f654 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/notebook_service/client.py:216
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #affefd81779d5488 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/notebook_service/client.py:543
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a547dac8242dcc68 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/notebook_service/client.py:584
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0eea3504518eed1f Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/notebook_service/client.py:585
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d50959f4246387e Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/persistent_resource_service/client.py:209
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5c03a74c2833d9f Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/persistent_resource_service/client.py:470
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2051f679af9d3a9b Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/persistent_resource_service/client.py:511
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94840fab14cc3bdb Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/persistent_resource_service/client.py:512
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da527f64606fd7e7 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/pipeline_service/client.py:211
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73079b5e7c9823a3 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/pipeline_service/client.py:610
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0cc4fa837ee8e70d Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/pipeline_service/client.py:651
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #681933b0d76b8908 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/pipeline_service/client.py:652
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f011972ebe957f0f Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/prediction_service/client.py:202
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b3912223a966b17 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/prediction_service/client.py:488
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #302dfff366c94df9 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/prediction_service/client.py:529
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3915babb4742e76d Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/prediction_service/client.py:530
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b991e8a2d8f377ff Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/reasoning_engine_execution_service/client.py:208
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d9d98e6ac668952 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/reasoning_engine_execution_service/client.py:408
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0804e1acea85a130 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/reasoning_engine_execution_service/client.py:451
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6643947cf62c2c47 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/reasoning_engine_execution_service/client.py:452
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11eb446006752f6e Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/reasoning_engine_service/client.py:201
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f956d3cd6c3d4cf Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/reasoning_engine_service/client.py:445
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25a2f034a13335f9 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/reasoning_engine_service/client.py:486
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c0d14d29dfd51d0c Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/reasoning_engine_service/client.py:487
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48ae59565a4f2197 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/schedule_service/client.py:205
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf1bd06b69137d16 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/schedule_service/client.py:648
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #06afc5638f4a0bdd Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/schedule_service/client.py:689
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b224e519a0b0dd64 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/schedule_service/client.py:690
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6ca2629f94fac83 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/session_service/client.py:202
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9dc175a18583931 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/session_service/client.py:450
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #585e7ecbf92f8a29 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/session_service/client.py:491
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b5a513f16ead976 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/session_service/client.py:492
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb69314e4e2bd363 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/specialist_pool_service/client.py:205
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd7985b7c2e43b20 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/specialist_pool_service/client.py:403
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0eca5288250f339b Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/specialist_pool_service/client.py:444
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d85a06bd9b625302 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/specialist_pool_service/client.py:445
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb25ac822c023d07 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/tensorboard_service/client.py:213
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72ba6d4067093675 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/tensorboard_service/client.py:491
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b95ad944740a4c2 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/tensorboard_service/client.py:532
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38bb227c99a4ad8e Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/tensorboard_service/client.py:533
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #222b7288b68448f3 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/vertex_rag_data_service/client.py:201
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34d45ae74e428261 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/vertex_rag_data_service/client.py:509
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c5757b623e9a8af Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/vertex_rag_data_service/client.py:550
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e450ff3064843a2 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/vertex_rag_data_service/client.py:551
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd6b04d082d848a7 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/vertex_rag_service/client.py:196
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d2b4b151a8c3463 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/vertex_rag_service/client.py:394
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7dfd6dca0ce6d677 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/vertex_rag_service/client.py:435
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fdd596f50b899275 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/vertex_rag_service/client.py:436
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75715f3cdacbd3f1 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/vizier_service/client.py:200
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3cdcb5dbd0274b50 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/vizier_service/client.py:444
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79f8688a4d787e2a Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/vizier_service/client.py:485
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #523f3ad82c379552 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/vizier_service/client.py:486
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4a1e3b8c892b3e2 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/dataset_service/client.py:210
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28db6f51b810b9ed Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/dataset_service/client.py:618
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f2861218c462cb0 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/dataset_service/client.py:659
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9ec33cb2c98e37d Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/dataset_service/client.py:660
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b4f5886e250e20d1 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/deployment_resource_pool_service/client.py:213
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17f3668926085aa1 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/deployment_resource_pool_service/client.py:479
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ceb46e3cd48ca9e3 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/deployment_resource_pool_service/client.py:522
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b6607578618c397 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/deployment_resource_pool_service/client.py:523
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0af8d9c5381f453e Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/endpoint_service/client.py:202
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2da1a6aee837a681 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/endpoint_service/client.py:507
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42f7e2efebadb1a3 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/endpoint_service/client.py:548
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a87e550e8a293a08 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/endpoint_service/client.py:549
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2da061d9356b3282 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/evaluation_service/client.py:194
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5441e45c7786abb Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/evaluation_service/client.py:392
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18121fbf20b2a0e2 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/evaluation_service/client.py:433
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0a5bdb73a27e0ed Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/evaluation_service/client.py:434
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3938205a17bde050 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/example_store_service/client.py:199
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef969a54d2c158d2 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/example_store_service/client.py:397
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1702e6a2ccfc9fa4 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/example_store_service/client.py:438
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77297cec6d37a542 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/example_store_service/client.py:439
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68863a4c7b9428b1 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/extension_execution_service/client.py:194
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7df49e4811083175 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/extension_execution_service/client.py:414
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f046b9ef980788e Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/extension_execution_service/client.py:455
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5169842e22ad3e7d Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/extension_execution_service/client.py:456
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31d47f154f99fd93 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/extension_registry_service/client.py:201
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1f94a5454f0314e Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/extension_registry_service/client.py:445
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c517269b7451231 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/extension_registry_service/client.py:486
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #560f6bf890654eb7 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/extension_registry_service/client.py:487
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c92faddf5cbdde1d Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/feature_online_store_admin_service/client.py:223
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #176e235e2b3edfde Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/feature_online_store_admin_service/client.py:471
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #571f9e05c847fef8 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/feature_online_store_admin_service/client.py:514
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3f549b0db942acf Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/feature_online_store_admin_service/client.py:515
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9a1e30e607d1c4d Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/feature_online_store_service/client.py:198
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b3502a1d186b909 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/feature_online_store_service/client.py:398
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #83248fa9a5070203 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/feature_online_store_service/client.py:439
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce65885c0f30b781 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/feature_online_store_service/client.py:440
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0adcc69f0a784622 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/feature_registry_service/client.py:214
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #756e5eedd09b9367 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/feature_registry_service/client.py:488
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d382571ccb95cf7 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/feature_registry_service/client.py:529
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c59995799ae0f2aa Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/feature_registry_service/client.py:530
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03a3dc65dab0f779 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/featurestore_online_serving_service/client.py:205
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1fec2bfa7fba353b Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/featurestore_online_serving_service/client.py:407
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e94ee15b200fb55e Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/featurestore_online_serving_service/client.py:450
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #842de8c00ce21cd8 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/featurestore_online_serving_service/client.py:451
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c6bac9017ce207e Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/featurestore_service/client.py:210
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe53ff616c39b173 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/featurestore_service/client.py:458
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2e5a4d891b0b4b4 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/featurestore_service/client.py:499
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75c7d710c1863b3e Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/featurestore_service/client.py:500
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81fe7cc45a7b528f Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/gen_ai_cache_service/client.py:200
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #00e086b1dbc332e0 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/gen_ai_cache_service/client.py:420
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1753efda2541e02 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/gen_ai_cache_service/client.py:461
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8348f0971c2fc00e Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/gen_ai_cache_service/client.py:462
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d2e52390d514ff67 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/gen_ai_tuning_service/client.py:200
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2702e9ccddc76006 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/gen_ai_tuning_service/client.py:488
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9eaca2301abe7c23 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/gen_ai_tuning_service/client.py:529
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55d7e75d29b8fe63 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/gen_ai_tuning_service/client.py:530
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f5684a587b1e201 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/index_endpoint_service/client.py:202
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f433a330cad33d9a Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/index_endpoint_service/client.py:444
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58f78c4205b98126 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/index_endpoint_service/client.py:485
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2383692abf3662de Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/index_endpoint_service/client.py:486
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #74d2828c47e1516b Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/index_service/client.py:203
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #509eb330dcb2b16c Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/index_service/client.py:423
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f83d9e8e739baa78 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/index_service/client.py:464
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bdd5f29e78d7bc5d Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/index_service/client.py:465
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1ea5be652068a16 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/job_service/client.py:230
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7bec59edc8dd999f Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/job_service/client.py:805
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f79ba85986e5faf Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/job_service/client.py:846
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09891a4ff94e2d3d Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/job_service/client.py:847
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6826708a43a1c718 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/llm_utility_service/client.py:192
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c69d1c8348c7677 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/llm_utility_service/client.py:390
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b79c49252267ce8 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/llm_utility_service/client.py:431
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0afbb56a002606a8 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/llm_utility_service/client.py:432
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c69b06a2eac06739 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/match_service/client.py:192
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9cd24401260d621d Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/match_service/client.py:390
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45c471dad20f9723 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/match_service/client.py:431
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08294233eee230b7 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/match_service/client.py:432
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4900cb73802c18dc Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/memory_bank_service/client.py:199
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b131bec6908a568 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/memory_bank_service/client.py:445
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ac2e2dca389830d Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/memory_bank_service/client.py:486
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25c5fa2ca8ccc6e2 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/memory_bank_service/client.py:487
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0eda682f5412a94d Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/metadata_service/client.py:212
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6917be085000885e Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/metadata_service/client.py:506
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f963b91112aabec9 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/metadata_service/client.py:547
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5356831eaa5aaf12 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/metadata_service/client.py:548
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d523a4b06186e977 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/migration_service/client.py:197
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #393e285777fc1c7b Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/migration_service/client.py:522
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc7b4044aab004eb Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/migration_service/client.py:563
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76a8f45919ebb6d7 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/migration_service/client.py:564
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28fc1efe71b224a3 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/model_garden_service/client.py:196
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #765ba18c788a02bd Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/model_garden_service/client.py:455
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ecad9d56466a28b Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/model_garden_service/client.py:496
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be8e1855402dac9b Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/model_garden_service/client.py:497
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a80a14f86cf0af01 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/model_monitoring_service/client.py:213
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #631c87fca27eb7fc Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/model_monitoring_service/client.py:567
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e49c6ed23716c069 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/model_monitoring_service/client.py:608
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd5f0d4613365391 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/model_monitoring_service/client.py:609
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2daeaf24dcb206a3 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/model_service/client.py:208
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #433c5c17222861e3 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/model_service/client.py:522
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e67d079a7f3c6ac0 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/model_service/client.py:563
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57ebf44c05bfc697 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/model_service/client.py:564
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #170e7a53be51c265 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/notebook_service/client.py:218
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9aa3cb4546bbe6c1 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/notebook_service/client.py:545
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7623f578b6cf87fe Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/notebook_service/client.py:586
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c91e4771c180673 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/notebook_service/client.py:587
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #325693049bb363ee Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/online_evaluator_service/client.py:204
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11d49e588d43b028 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/online_evaluator_service/client.py:402
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ab07374c97ddbdf Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/online_evaluator_service/client.py:443
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a5242de0568a140 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/online_evaluator_service/client.py:444
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #093983b4481ea79b Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/persistent_resource_service/client.py:209
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #27dd5fe5144602b2 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/persistent_resource_service/client.py:492
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61f368370e8330b7 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/persistent_resource_service/client.py:533
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f0de5ff9520fe6e Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/persistent_resource_service/client.py:534
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f21684e1ac10169 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/pipeline_service/client.py:213
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa7cc29d6d6ede6c Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/pipeline_service/client.py:612
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65f06b41f37423b7 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/pipeline_service/client.py:653
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba610f0bc6c2d8dc Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/pipeline_service/client.py:654
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fdcc4c7c2b1b50d7 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/prediction_service/client.py:202
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bfc7e1fcb9fe8cb4 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/prediction_service/client.py:488
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54c73e561b825b86 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/prediction_service/client.py:529
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08d9508a08912260 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/prediction_service/client.py:530
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #692c7ceb346eeb8e Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/reasoning_engine_execution_service/client.py:208
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0da7c7f2d16e221 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/reasoning_engine_execution_service/client.py:408
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3fd47a55db2a5064 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/reasoning_engine_execution_service/client.py:451
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa1350d7348e71f2 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/reasoning_engine_execution_service/client.py:452
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50f9e394f2268909 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/reasoning_engine_runtime_revision_service/client.py:215
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc8724340abb69b9 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/reasoning_engine_runtime_revision_service/client.py:485
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49659eafdc18db9c Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/reasoning_engine_runtime_revision_service/client.py:528
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80b01065604ed128 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/reasoning_engine_runtime_revision_service/client.py:529
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6defcdaa2ca4ea8c Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/reasoning_engine_service/client.py:203
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d542e93e2292256 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/reasoning_engine_service/client.py:493
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #93e483b278814da6 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/reasoning_engine_service/client.py:534
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #848eb7222349221d Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/reasoning_engine_service/client.py:535
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6af9c8b4fb30e1d2 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/schedule_service/client.py:206
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b3b94c645a36784 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/schedule_service/client.py:761
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d302f47539d2206 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/schedule_service/client.py:802
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a3045b2ac7fd2d4 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/schedule_service/client.py:803
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ad543dfaf194d06 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/session_service/client.py:202
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #786f24acf2d9a83e Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/session_service/client.py:450
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9be7f898fb43a2d Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/session_service/client.py:491
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e4318619a2816dd Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/session_service/client.py:492
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a60c76792a511d23 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/specialist_pool_service/client.py:205
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95ba0c68b5ce3abc Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/specialist_pool_service/client.py:403
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d861acbd59d83b6 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/specialist_pool_service/client.py:444
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce2575bbc5697cbf Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/specialist_pool_service/client.py:445
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #83c3711f997806b5 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/tensorboard_service/client.py:213
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3dc3fc7e0e8a967 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/tensorboard_service/client.py:491
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8888507f060ec63 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/tensorboard_service/client.py:532
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76fc699630883ea4 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/tensorboard_service/client.py:533
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #425df2730b5e102a Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/vertex_rag_data_service/client.py:201
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f81af8f5ad559bc Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/vertex_rag_data_service/client.py:559
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b45a43534bced0e Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/vertex_rag_data_service/client.py:600
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #84b3e201a4e90b0a Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/vertex_rag_data_service/client.py:601
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8149be595f4d8495 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/vertex_rag_service/client.py:196
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a7a6d3397b3dbc25 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/vertex_rag_service/client.py:394
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7f96119db946ed6 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/vertex_rag_service/client.py:435
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #445b3ea5262ad778 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/vertex_rag_service/client.py:436
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d69ed2bfdf094cf Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/vizier_service/client.py:200
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db42b241ea729028 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/vizier_service/client.py:444
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #526c8d9c345ae39b Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/vizier_service/client.py:485
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b3a33418ffc11c7f Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/vizier_service/client.py:486
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1197c9ab09d14c2d Filesystem access.
pkgs/python/[email protected]/setup.py:28
with io.open(readme_filename, encoding="utf-8") as readme_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85135f387e3d6311 Filesystem access.
pkgs/python/[email protected]/setup.py:32
with open(os.path.join(package_root, "google/cloud/aiplatform/version.py")) as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90f9883355594361 Filesystem access.
pkgs/python/[email protected]/vertexai/_genai/_agent_engines_utils.py:1461
            with open(requirements) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #207d8706fe275d10 Environment-variable access.
pkgs/python/[email protected]/vertexai/_genai/_evals_common.py:2150
    original_location = os.environ.get("GOOGLE_CLOUD_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a533ec0d88aed89 Environment-variable access.
pkgs/python/[email protected]/vertexai/_genai/_evals_common.py:2172
                os.environ["GOOGLE_CLOUD_LOCATION"] = "global"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dae06cf584de1643 Environment-variable access.
pkgs/python/[email protected]/vertexai/_genai/_evals_common.py:2201
                del os.environ["GOOGLE_CLOUD_LOCATION"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #451ee29e2c69095d Environment-variable access.
pkgs/python/[email protected]/vertexai/_genai/_evals_common.py:2203
                os.environ["GOOGLE_CLOUD_LOCATION"] = original_location

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #6916191743aedc01 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/_evals_utils.py:923
        response = api_client.request("get", operation.name, {}, None)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #3ee47d81f06b3ce1 Filesystem access.
pkgs/python/[email protected]/vertexai/_genai/_skills_utils.py:50
                with open(file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #d08584d5abd70493 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/a2a_task_events.py:161
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #3c236436b65ef403 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/a2a_task_events.py:250
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #ccabb7d1d45a83de Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/a2a_tasks.py:198
        self._api_client.request("delete", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #76aaf4fe7a29defe Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/a2a_tasks.py:256
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #b57e890507da81b1 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/a2a_tasks.py:340
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #32f8bd4e89fc4ed1 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/a2a_tasks.py:428
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #68d4c9767e4df594 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/agent_engines.py:813
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #bb5c8a59d9e74a6a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/agent_engines.py:887
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #7343c1aac867597a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/agent_engines.py:964
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #fefc16aa13f69c2b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/agent_engines.py:1037
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f0f5f3b9785a75f1 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/agent_engines.py:1129
        response = self._api_client.request("delete", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #dfedc8ebd12d1fb1 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/agent_engines.py:1198
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #6b106e39190b0738 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/agent_engines.py:1269
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #4baa4181eb963df5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/agent_engines.py:1340
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #b0a6893d0f08b7d9 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/agent_engines.py:1412
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #32f4c373b5d3df1f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/agent_engines.py:1483
        response = self._api_client.request("patch", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #eb2c0a7da66b0562 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/agent_engines.py:1630
        raw_response = self._api_client.request("get", name, {})

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #e9f5855025a5f970 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/datasets.py:298
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #791c7513a73bf7eb Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/datasets.py:390
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #a7bd02a953666560 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/datasets.py:472
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #46aba4aee9bb22b7 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/datasets.py:543
        response = self._api_client.request("delete", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f2495969cd93f129 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/datasets.py:615
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #15acf34f7cd297f9 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/datasets.py:693
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #8537a9bbe78fd874 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/datasets.py:763
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #0afa36c236c7cf65 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/datasets.py:843
        response = self._api_client.request("patch", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #132ffc5abaef5f7b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/evals.py:1057
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #7cfeb4886283591a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/evals.py:1133
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #72e021475d4cd8d8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/evals.py:1222
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #cf8dd7f96c4ce2a6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/evals.py:1299
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #51befa97563ad96b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/evals.py:1371
        response = self._api_client.request("delete", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #316e4adbe5d05c34 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/evals.py:1475
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #ba6c0664ef4da28d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/evals.py:1557
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #90f5860ea8bb67ec Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/evals.py:1635
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #413d7e38239e1d18 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/evals.py:1715
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #8556f7907ebce00b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/evals.py:1787
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #6ba793a38d94ce8e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/evals.py:1859
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #74eec75b79f9cb06 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/evals.py:1931
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #c34aea1dc3679b5f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/evals.py:2000
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #dafb1908908da9e8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/evals.py:2068
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #75cadc3adf22b615 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/evals.py:2331
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #118faba8ab1a695e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/memories.py:584
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #2315a5287f0a878c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/memories.py:666
        response = self._api_client.request("delete", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #0c41567d89126028 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/memories.py:754
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #c7b47ffc35af915e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/memories.py:834
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #28ad2bb83881896f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/memories.py:918
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #64dcb673e64ec674 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/memories.py:992
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f8b7116c6b3798ae Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/memories.py:1062
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #78804e31013a9669 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/memories.py:1132
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #875dedda05ace2ae Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/memories.py:1216
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #eb5135be8628806a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/memories.py:1318
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #fffb0df269ca7eb7 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/memories.py:1394
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #1b7998bb3743fe6f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/memories.py:1472
        response = self._api_client.request("patch", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #0f7b56d2ee710e43 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/memories.py:1552
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #4d9166e43ca0e284 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/memory_revisions.py:140
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #47216b7a223e686d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/memory_revisions.py:224
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #236f06db45c5726f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/prompt_optimizer.py:251
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #4a9982e5f02b2d3d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/prompt_optimizer.py:323
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #b691113d05eb2dd8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/prompt_optimizer.py:395
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #b5059f96159fece5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/prompt_optimizer.py:586
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #e3372615b0458ac1 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/prompts.py:512
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #b45722158edb4687 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/prompts.py:592
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f763ceaf1d7d58c2 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/prompts.py:664
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f0aad96840eada6d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/prompts.py:740
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #877e78c6cbeb8043 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/prompts.py:816
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #dc6b6dee0d1156d7 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/prompts.py:884
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #bdb4c791fae3953c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/prompts.py:962
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #9f0bffaf82254e3c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/prompts.py:1027
        response = self._api_client.request("delete", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #969a6bc5eebcb601 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/prompts.py:1101
        response = self._api_client.request("delete", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #ed773bd5a6f4de99 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/prompts.py:1177
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #a683802248a6defb Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/prompts.py:1261
        response = self._api_client.request("patch", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #739d340453ea5eb1 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/prompts.py:1333
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #dedcabbab0a49e9b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/prompts.py:1405
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #7bf924b5773f6f2d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/prompts.py:1480
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #434a0713af3aeceb Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/prompts.py:2311
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #885b0c238c968285 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/runtime_revisions.py:189
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #a5e2b04eedbf4a43 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/runtime_revisions.py:273
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #7fad36c8bdd4e7be Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/runtime_revisions.py:359
        response = self._api_client.request("delete", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #04cc436fb3ebdb97 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/runtime_revisions.py:433
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #cd77422990576553 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/runtime_revisions.py:507
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #5ccd5a34d0e11554 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/sandbox_snapshots.py:206
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #142fa137c4b139cd Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/sandbox_snapshots.py:281
        response = self._api_client.request("delete", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #5d32e15b6c4218f9 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/sandbox_snapshots.py:356
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #c1c1006316fa019c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/sandbox_snapshots.py:431
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #35c83a17e18a85a3 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/sandbox_snapshots.py:501
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #df28b082db6eacfb Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/sandbox_templates.py:217
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #c8f2cc404f131ea6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/sandbox_templates.py:299
        response = self._api_client.request("delete", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #3fc8268b7ee496c7 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/sandbox_templates.py:385
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #45d71c6df41c10af Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/sandbox_templates.py:467
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #18315cac7dc2669e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/sandbox_templates.py:537
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #edf19d6574055acb Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/sandboxes.py:231
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #32193a6aebd468a2 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/sandboxes.py:311
        response = self._api_client.request("delete", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #23b552df1ee7d961 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/sandboxes.py:387
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #1c78596d157005f4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/sandboxes.py:467
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #cdaae66bff9faea4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/sandboxes.py:551
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #d31a0bfd64d3cf97 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/sandboxes.py:621
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f23a20e04cb0cf03 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/sandboxes.py:965
        response = http_client._api_client.request(http_method, path, request_dict)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #d1a7a41cd9a9cef1 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/session_events.py:191
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #64db3120771813a4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/session_events.py:275
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #e89e791201b5cdd8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/sessions.py:273
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #784eb6502db431f5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/sessions.py:357
        response = self._api_client.request("delete", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #6e73fabc724e288b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/sessions.py:441
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #670d3d9186b9ccd5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/sessions.py:525
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #a82d04fb5cee120b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/sessions.py:595
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #13b85a6522dc61e3 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/sessions.py:679
        response = self._api_client.request("patch", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #d0eb78b477241e4f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/skill_revisions.py:126
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #bb586d37058dac44 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/skill_revisions.py:200
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #8c7341239039058a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/skills.py:267
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #c361add89572b90c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/skills.py:336
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #2b31977a7144d96f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/skills.py:410
        response = self._api_client.request("post", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #73c3e1f9f6d835a4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/skills.py:479
        response = self._api_client.request("patch", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #c8dab3eb4f1ee238 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/skills.py:547
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #7d7e97828d6bfb5a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/skills.py:616
        response = self._api_client.request("delete", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #7815f5215c30095c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/_genai/skills.py:684
        response = self._api_client.request("get", path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #ef817b21f237944d Filesystem access.
pkgs/python/[email protected]/vertexai/_genai/types/common.py:1837
        with open(file_path, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6b119fbea2895f9 Filesystem access.
pkgs/python/[email protected]/vertexai/_genai/types/common.py:1944
                with open(config_path, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #40a080e330cc96f6 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/_agent_engines.py:1131
        if GOOGLE_CLOUD_AGENT_ENGINE_ENABLE_TELEMETRY not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6fe166b97429e52c Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/_agent_engines.py:1132
            os.environ[GOOGLE_CLOUD_AGENT_ENGINE_ENABLE_TELEMETRY] = "unspecified"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #190c43b58332048b Filesystem access.
pkgs/python/[email protected]/vertexai/agent_engines/_agent_engines.py:1156
            with open(requirements) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf2b753209f791d3 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/_agent_engines.py:1369
        if env_var not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45e789a8c88f0b1c Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/_agent_engines.py:1372
            aip_types.EnvVar(name=env_var, value=os.environ[env_var])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8434d271955546ad Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/a2a.py:320
        os.environ["GOOGLE_GENAI_USE_VERTEXAI"] = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d6bb57b987154d0 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/a2a.py:322
        os.environ["GOOGLE_CLOUD_PROJECT"] = project

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #675d1b92577c440b Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/a2a.py:324
        os.environ["GOOGLE_CLOUD_LOCATION"] = location

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49110997542f935d Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/a2a.py:325
        agent_engine_id = os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_ID", "test-agent-engine")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f98e1477a058391 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:346
        location = os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_LOCATION", "") or os.getenv(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7eb756fd2ed696ea Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:346
        location = os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_LOCATION", "") or os.getenv(
            "GOOGLE_CLOUD_LOCATION", ""
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e85d863e457a9ccd Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:349
        agent_engine_id = os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #867d14c9d69459fb Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:385
            "service.name": os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_ID", ""),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #157b922fbfb474bb Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:388
                os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_LOCATION", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c43fadf7b75bfec Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:389
                or os.getenv("GOOGLE_CLOUD_LOCATION", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b3e9770700457fe Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:501
        if "gen_ai_latest_experimental" in os.getenv(
            "OTEL_SEMCONV_STABILITY_OPT_IN", ""
        ).split(","):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #113e0b1660182407 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:508
                        default_log_name=os.getenv(
                            "GCP_DEFAULT_LOG_NAME", "adk-on-agent-engine"
                        ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67c2e589fcbc5b26 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:519
                        default_log_name=os.getenv(
                            "GCP_DEFAULT_LOG_NAME", "adk-on-agent-engine"
                        ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #d8dd383dccc1e379 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:598
    r = session.post(endpoint, data=None)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #d7fdddf262296a77 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:612
    use_mtls_endpoint_str = os.getenv(
        "GOOGLE_API_USE_MTLS_ENDPOINT", _MtlsEndpoint.AUTO.value
    ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72074d1f4725a990 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:650
        use_client_cert_str = os.getenv(
            "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
        ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c0dbaa39069fb45 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:756
                initializer.global_config.api_key or os.environ.get("GOOGLE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e7aeba6d7d4ae5a Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:920
        os.environ["GOOGLE_GENAI_USE_VERTEXAI"] = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f443bc6ccfd3fd4 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:921
        os.environ["GOOGLE_GENAI_USE_ENTERPRISE"] = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91dca1465a81293d Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:924
            os.environ["GOOGLE_CLOUD_PROJECT"] = project

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c795e39001eaf92 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:927
            if "GOOGLE_CLOUD_AGENT_ENGINE_LOCATION" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6210e995a2f962b5 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:928
                os.environ["GOOGLE_CLOUD_AGENT_ENGINE_LOCATION"] = location

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0dfb6a0baf223e07 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:929
            if "GOOGLE_CLOUD_LOCATION" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f26866cc11be63f Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:930
                os.environ["GOOGLE_CLOUD_LOCATION"] = location

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f15c744bc8025145 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:931
        agent_engine_location = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #583c1f8e93095722 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:931
        agent_engine_location = os.environ.get(
            "GOOGLE_CLOUD_AGENT_ENGINE_LOCATION",  # the runtime env var (if set)
            location,  # the location set in the AdkApp template
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #beef033d1485ef06 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:937
            os.environ["GOOGLE_API_KEY"] = express_mode_api_key

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e089101db446be4b Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:939
            os.environ.pop("GOOGLE_CLOUD_AGENT_ENGINE_LOCATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c5c4e6283001c4f Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:940
            os.environ.pop("GOOGLE_CLOUD_LOCATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9df3a08d872828f5 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:941
            os.environ.pop("GOOGLE_CLOUD_PROJECT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc97f4daf3ae9215 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:948
            os.environ["ADK_CAPTURE_MESSAGE_CONTENT_IN_SPANS"] = "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #240bec05992bbe5a Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:950
            os.environ["ADK_CAPTURE_MESSAGE_CONTENT_IN_SPANS"] = "false"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc075eb2a17c0ca8 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:996
            if "GOOGLE_CLOUD_AGENT_ENGINE_ID" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9abd7e18dd86a00a Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:997
                self._tmpl_attrs["app_name"] = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ebe8a8131c1b97d3 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:997
                self._tmpl_attrs["app_name"] = os.environ.get(
                    "GOOGLE_CLOUD_AGENT_ENGINE_ID",
                )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f845f9e943ab2b39 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:1012
        elif "GOOGLE_CLOUD_AGENT_ENGINE_ID" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d732d930eec87a02 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:1023
                    agent_engine_id=os.environ.get("GOOGLE_CLOUD_AGENT_ENGINE_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da9b1edc5e5f1e2c Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:1035
                    agent_engine_id=os.environ.get("GOOGLE_CLOUD_AGENT_ENGINE_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41bdc842b50e799f Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:1044
        elif "GOOGLE_CLOUD_AGENT_ENGINE_ID" in os.environ and is_version_sufficient(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e882e68efb68e1d Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:1057
                    agent_engine_id=os.environ.get("GOOGLE_CLOUD_AGENT_ENGINE_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #953b7fabf3a1aa6b Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:1069
                    agent_engine_id=os.environ.get("GOOGLE_CLOUD_AGENT_ENGINE_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a486b1894f75ae84 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:1802
        env_value = os.getenv(
            GOOGLE_CLOUD_AGENT_ENGINE_ENABLE_TELEMETRY, "unspecified"
        ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #859750dce4ea3669 Filesystem access.
pkgs/python/[email protected]/vertexai/evaluation/utils.py:214
        with open(filepath, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd27f6d632258e4f Filesystem access.
pkgs/python/[email protected]/vertexai/evaluation/utils.py:323
        json.dump(summary, open(local_summary_path, "w"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4d501a4307590ed Filesystem access.
pkgs/python/[email protected]/vertexai/generative_models/_generative_models.py:3257
        image_bytes = pathlib.Path(location).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d61577b94462bb07 Filesystem access.
pkgs/python/[email protected]/vertexai/preview/evaluation/metric_utils.py:72
        with open(file_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1ab7471674cb38d Filesystem access.
pkgs/python/[email protected]/vertexai/preview/evaluation/metric_utils.py:203
    with open(file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59b14aaee407bf64 Filesystem access.
pkgs/python/[email protected]/vertexai/preview/evaluation/utils.py:272
        with open(filepath, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #611a60ba9fa2cbcc Filesystem access.
pkgs/python/[email protected]/vertexai/preview/evaluation/utils.py:408
        json.dump(summary, open(local_summary_path, "w"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a01f3696543b724 Filesystem access.
pkgs/python/[email protected]/vertexai/preview/rag/rag_data.py:490
        "file": open(path, "rb"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #808e46a85e8498f8 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/a2a.py:241
        os.environ["GOOGLE_GENAI_USE_VERTEXAI"] = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33758af06f2710a3 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/a2a.py:243
        os.environ["GOOGLE_CLOUD_PROJECT"] = project

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bac334217bcb5c16 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/a2a.py:245
        os.environ["GOOGLE_CLOUD_LOCATION"] = location

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4d4f5f50874cb95 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/a2a.py:246
        agent_engine_id = os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_ID", "test-agent-engine")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bff895ea9c11320f Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:278
    use_mtls_endpoint_str = os.getenv(
        "GOOGLE_API_USE_MTLS_ENDPOINT", _MtlsEndpoint.AUTO.value
    ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45fe207513db0bb7 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:316
        use_client_cert_str = os.getenv(
            "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
        ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eccb969d35711859 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:407
        location = os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_LOCATION", "") or os.getenv(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c367066cc56ecf32 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:407
        location = os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_LOCATION", "") or os.getenv(
            "GOOGLE_CLOUD_LOCATION", ""
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd4d0fdd835a1753 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:410
        agent_engine_id = os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #acbe868c02e41a1d Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:446
            "service.name": os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_ID", ""),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98b0eb7a4c226110 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:449
                os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_LOCATION", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #201e5a030cbf88e9 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:450
                or os.getenv("GOOGLE_CLOUD_LOCATION", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d884401cad43d18 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:562
        if "gen_ai_latest_experimental" in os.getenv(
            "OTEL_SEMCONV_STABILITY_OPT_IN", ""
        ).split(","):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a63eeba61151dda9 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:569
                        default_log_name=os.getenv(
                            "GCP_DEFAULT_LOG_NAME", "adk-on-agent-engine"
                        ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d31279106c0a45a Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:580
                        default_log_name=os.getenv(
                            "GCP_DEFAULT_LOG_NAME", "adk-on-agent-engine"
                        ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69cb67cb60f5ca40 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:833
        os.environ["GOOGLE_GENAI_USE_VERTEXAI"] = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2d6b1f591aad2a2 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:835
        os.environ["GOOGLE_CLOUD_PROJECT"] = project

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8807762922b14dad Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:838
            if "GOOGLE_CLOUD_AGENT_ENGINE_LOCATION" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78fbdf60170ab48a Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:839
                os.environ["GOOGLE_CLOUD_AGENT_ENGINE_LOCATION"] = location

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea59137d0922322e Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:840
            if "GOOGLE_CLOUD_LOCATION" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #402c404418e900df Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:841
                os.environ["GOOGLE_CLOUD_LOCATION"] = location

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d084513eb615e8f Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:847
            os.environ["ADK_CAPTURE_MESSAGE_CONTENT_IN_SPANS"] = "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aae7b1443840af20 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:849
            os.environ["ADK_CAPTURE_MESSAGE_CONTENT_IN_SPANS"] = "false"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #efbea1b75f0135e6 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:889
            os.environ[key] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d9104983ef42f71 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:890
        if "GOOGLE_CLOUD_AGENT_ENGINE_ID" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70d841a20dbebbbc Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:891
            self._tmpl_attrs["app_name"] = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb3aae7955db34ab Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:891
            self._tmpl_attrs["app_name"] = os.environ.get(
                "GOOGLE_CLOUD_AGENT_ENGINE_ID",
                self._tmpl_attrs.get("app_name"),
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #167d24810cfd8e6a Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:905
        elif "GOOGLE_CLOUD_AGENT_ENGINE_ID" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e0d426f86b25ff0 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:915
                        agent_engine_id=os.environ.get("GOOGLE_CLOUD_AGENT_ENGINE_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d77911bd8da8b93 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:930
                    agent_engine_id=os.environ.get("GOOGLE_CLOUD_AGENT_ENGINE_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17dc952e9ec6edee Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:939
        elif "GOOGLE_CLOUD_AGENT_ENGINE_ID" in os.environ and is_version_sufficient(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a228efc37916daee Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:950
                    agent_engine_id=os.environ.get("GOOGLE_CLOUD_AGENT_ENGINE_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dfcc76ce98a157fc Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:1674
        env_value = os.getenv(
            GOOGLE_CLOUD_AGENT_ENGINE_ENABLE_TELEMETRY, "unspecified"
        ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #4290628fca83183b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:1730
        r = session.post(endpoint, data=None)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #449154a0984d2005 Filesystem access.
pkgs/python/[email protected]/vertexai/rag/rag_data.py:429
        "file": open(path, "rb"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d5d325008ee5cd7 Filesystem access.
pkgs/python/[email protected]/vertexai/reasoning_engines/_reasoning_engines.py:603
            with open(requirements) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a5cf2c836268bd4 Filesystem access.
pkgs/python/[email protected]/vertexai/tokenization/_tokenizer_loading.py:84
    with open(file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f50503435f3d751 Filesystem access.
pkgs/python/[email protected]/vertexai/tokenization/_tokenizer_loading.py:98
        with open(tmp_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f597f3f31654c5a9 Filesystem access.
pkgs/python/[email protected]/vertexai/vision_models/_vision_models.py:186
        image_bytes = pathlib.Path(location).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a44c2fde1ec087b4 Filesystem access.
pkgs/python/[email protected]/vertexai/vision_models/_vision_models.py:531
        video_bytes = pathlib.Path(location).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

opentelemetry-exporter-otlp-proto-grpc

python dependency
medium telemetry dependency Excluded from app score #a9874bcad485e07d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/_log_exporter/__init__.py:19
from opentelemetry.exporter.otlp.proto.common._log_encoder import encode_logs

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #642653bd9e495e5e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/_log_exporter/__init__.py:20
from opentelemetry.exporter.otlp.proto.grpc.exporter import (
    OTLPExporterMixin,
    _get_credentials,
    environ_to_compression,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fa856f69c29e34e1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/_log_exporter/__init__.py:25
from opentelemetry.proto.collector.logs.v1.logs_service_pb2 import (
    ExportLogsServiceRequest,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #449c179d5d828c4b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/_log_exporter/__init__.py:28
from opentelemetry.proto.collector.logs.v1.logs_service_pb2_grpc import (
    LogsServiceStub,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8b67633b1782e23d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/_log_exporter/__init__.py:31
from opentelemetry.sdk._logs import ReadableLogRecord

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #930bd35b87ff5b8c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/_log_exporter/__init__.py:32
from opentelemetry.sdk._logs.export import (
    LogRecordExporter,
    LogRecordExportResult,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9f06e36bb9c24d68 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/_log_exporter/__init__.py:36
from opentelemetry.sdk.environment_variables import (
    _OTEL_PYTHON_EXPORTER_OTLP_GRPC_LOGS_CREDENTIAL_PROVIDER,
    OTEL_EXPORTER_OTLP_LOGS_CERTIFICATE,
    OTEL_EXPORTER_OTLP_LOGS_CLIENT_CERTIFICATE,
    OTEL_EXPORTER_OTLP_LOGS_CLIENT_KEY,
    OTEL_EXPORTER_OTLP_LOGS_COMPRESSION,
    OTEL_EXPORTER_OTLP_LOGS_ENDPOINT,
    OTEL_EXPORTER_OTLP_LOGS_HEADERS,
    OTEL_EXPORTER_OTLP_LOGS_INSECURE,
    OTEL_EXPORTER_OTLP_LOGS_TIMEOUT,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c30fb7cd2b31dec1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:53
from opentelemetry.exporter.otlp.proto.common._internal import (
    _get_resource_data,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1b0fe375e7e67d31 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:56
from opentelemetry.exporter.otlp.proto.grpc import (
    _OTLP_GRPC_CHANNEL_OPTIONS,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f234ca1f85b98760 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:59
from opentelemetry.proto.collector.logs.v1.logs_service_pb2 import (
    ExportLogsServiceRequest,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b8b1ff2ef8df8ec2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:62
from opentelemetry.proto.collector.logs.v1.logs_service_pb2_grpc import (
    LogsServiceStub,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #718c4628b5440034 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:65
from opentelemetry.proto.collector.metrics.v1.metrics_service_pb2 import (
    ExportMetricsServiceRequest,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6cb381890fcebb39 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:68
from opentelemetry.proto.collector.metrics.v1.metrics_service_pb2_grpc import (
    MetricsServiceStub,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #91f789d86fabe19d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:71
from opentelemetry.proto.collector.trace.v1.trace_service_pb2 import (
    ExportTraceServiceRequest,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a40bea5b602d46cb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:74
from opentelemetry.proto.collector.trace.v1.trace_service_pb2_grpc import (
    TraceServiceStub,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bb62e1f0636cc7f6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:77
from opentelemetry.proto.common.v1.common_pb2 import (  # noqa: F401
    AnyValue,
    ArrayValue,
    KeyValue,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #233444478478cc34 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:82
from opentelemetry.proto.resource.v1.resource_pb2 import Resource  # noqa: F401

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #aec520180fb1a5ea Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:83
from opentelemetry.sdk._logs import ReadableLogRecord

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1dec92186e5adf7a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:84
from opentelemetry.sdk._logs.export import LogRecordExportResult

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #712958e44fc7bbc7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:85
from opentelemetry.sdk._shared_internal import DuplicateFilter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #675e8013bb77d220 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:86
from opentelemetry.sdk.environment_variables import (
    _OTEL_PYTHON_EXPORTER_OTLP_GRPC_CREDENTIAL_PROVIDER,
    OTEL_EXPORTER_OTLP_CERTIFICATE,
    OTEL_EXPORTER_OTLP_CLIENT_CERTIFICATE,
    OTEL_EXPORTER_OTLP_CLIENT_KEY,
    OTEL_EXPORTER_OTLP_COMPRESSION,
    OTEL_EXPORTER_OTLP_ENDPOINT,
    OTEL_EXPORTER_OTLP_HEADERS,
    OTEL_EXPORTER_OTLP_INSECURE,
    OTEL_EXPORTER_OTLP_TIMEOUT,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a73fb4c75b1dca06 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:97
from opentelemetry.sdk.metrics.export import MetricExportResult, MetricsData

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a758a8fbe3f52c1e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:98
from opentelemetry.sdk.resources import Resource as SDKResource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5991458d92a7cb2c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:99
from opentelemetry.sdk.trace import ReadableSpan

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6c69776c10182a79 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:100
from opentelemetry.sdk.trace.export import SpanExportResult

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ee663adc91762b63 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:101
from opentelemetry.util._importlib_metadata import entry_points

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0d6d8cd7675fc902 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:102
from opentelemetry.util.re import parse_env_headers

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dc937a80a2865419 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:23
from opentelemetry.exporter.otlp.proto.common._internal.metrics_encoder import (
    OTLPMetricExporterMixin,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ca186ce03fd70d6f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:26
from opentelemetry.exporter.otlp.proto.common.metrics_encoder import (
    encode_metrics,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #40bcab5f76b1bb42 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:29
from opentelemetry.exporter.otlp.proto.grpc.exporter import (  # noqa: F401
    OTLPExporterMixin,
    _get_credentials,
    environ_to_compression,
    get_resource_data,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c25caa7660158253 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:35
from opentelemetry.proto.collector.metrics.v1.metrics_service_pb2 import (
    ExportMetricsServiceRequest,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #19d711bff7d617a1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:38
from opentelemetry.proto.collector.metrics.v1.metrics_service_pb2_grpc import (
    MetricsServiceStub,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #19f1be5b82dc66b8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:41
from opentelemetry.proto.common.v1.common_pb2 import (  # noqa: F401
    InstrumentationScope,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bba8fed945f0378d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:44
from opentelemetry.proto.metrics.v1 import metrics_pb2 as pb2  # noqa: F401

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b4bcb8077ef4a2eb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:45
from opentelemetry.sdk.environment_variables import (
    _OTEL_PYTHON_EXPORTER_OTLP_GRPC_METRICS_CREDENTIAL_PROVIDER,
    OTEL_EXPORTER_OTLP_METRICS_CERTIFICATE,
    OTEL_EXPORTER_OTLP_METRICS_CLIENT_CERTIFICATE,
    OTEL_EXPORTER_OTLP_METRICS_CLIENT_KEY,
    OTEL_EXPORTER_OTLP_METRICS_COMPRESSION,
    OTEL_EXPORTER_OTLP_METRICS_ENDPOINT,
    OTEL_EXPORTER_OTLP_METRICS_HEADERS,
    OTEL_EXPORTER_OTLP_METRICS_INSECURE,
    OTEL_EXPORTER_OTLP_METRICS_TIMEOUT,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a38efb6a607fc0bd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:56
from opentelemetry.sdk.metrics._internal.aggregation import Aggregation

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cb66ce87f6de67cc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:57
from opentelemetry.sdk.metrics.export import (  # noqa: F401
    AggregationTemporality,
    DataPointT,
    Gauge,
    Metric,
    MetricExporter,
    MetricExportResult,
    MetricsData,
    ResourceMetrics,
    ScopeMetrics,
    Sum,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3b7d0fd9e395a30b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:69
from opentelemetry.sdk.metrics.export import (  # noqa: F401
    ExponentialHistogram as ExponentialHistogramType,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c2dc2f48999ca456 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:72
from opentelemetry.sdk.metrics.export import (  # noqa: F401
    Histogram as HistogramType,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f4c0efa66b0db2cc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/trace_exporter/__init__.py:22
from opentelemetry.exporter.otlp.proto.common.trace_encoder import (
    encode_spans,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3446948661f1549b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/trace_exporter/__init__.py:25
from opentelemetry.exporter.otlp.proto.grpc.exporter import (  # noqa: F401
    OTLPExporterMixin,
    _get_credentials,
    environ_to_compression,
    get_resource_data,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9733ac1dede14432 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/trace_exporter/__init__.py:31
from opentelemetry.proto.collector.trace.v1.trace_service_pb2 import (
    ExportTraceServiceRequest,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #26e7d1c922830a50 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/trace_exporter/__init__.py:34
from opentelemetry.proto.collector.trace.v1.trace_service_pb2_grpc import (
    TraceServiceStub,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #db9a5c1cea83eabc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/trace_exporter/__init__.py:37
from opentelemetry.proto.common.v1.common_pb2 import (  # noqa: F401
    InstrumentationScope,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1f2da96ddd97aae0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/trace_exporter/__init__.py:40
from opentelemetry.proto.trace.v1.trace_pb2 import (  # noqa: F401
    ResourceSpans,
    ScopeSpans,
    Status,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7659905481ff5698 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/trace_exporter/__init__.py:45
from opentelemetry.proto.trace.v1.trace_pb2 import (  # noqa: F401
    Span as CollectorSpan,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #125335dfa0a5216b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/trace_exporter/__init__.py:48
from opentelemetry.sdk.environment_variables import (
    _OTEL_PYTHON_EXPORTER_OTLP_GRPC_TRACES_CREDENTIAL_PROVIDER,
    OTEL_EXPORTER_OTLP_TRACES_CERTIFICATE,
    OTEL_EXPORTER_OTLP_TRACES_CLIENT_CERTIFICATE,
    OTEL_EXPORTER_OTLP_TRACES_CLIENT_KEY,
    OTEL_EXPORTER_OTLP_TRACES_COMPRESSION,
    OTEL_EXPORTER_OTLP_TRACES_ENDPOINT,
    OTEL_EXPORTER_OTLP_TRACES_HEADERS,
    OTEL_EXPORTER_OTLP_TRACES_INSECURE,
    OTEL_EXPORTER_OTLP_TRACES_TIMEOUT,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0eee7c88cf50a54d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/trace_exporter/__init__.py:59
from opentelemetry.sdk.trace import ReadableSpan

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7cba938ccdd541a9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/trace_exporter/__init__.py:60
from opentelemetry.sdk.trace.export import SpanExporter, SpanExportResult

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 27 low-confidence finding(s)
low env_fs dependency Excluded from app score #e31917e6fd26bbf1 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/_log_exporter/__init__.py:70
        insecure_logs = environ.get(OTEL_EXPORTER_OTLP_LOGS_INSECURE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a7c90fa44b2e490 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/_log_exporter/__init__.py:76
            and environ.get(OTEL_EXPORTER_OTLP_LOGS_CERTIFICATE) is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a1f7cca02f3b3f2 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/_log_exporter/__init__.py:86
        environ_timeout = environ.get(OTEL_EXPORTER_OTLP_LOGS_TIMEOUT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8effd7d1db47e3fd Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/_log_exporter/__init__.py:99
            endpoint=endpoint or environ.get(OTEL_EXPORTER_OTLP_LOGS_ENDPOINT),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2509448df640c84e Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/_log_exporter/__init__.py:102
            headers=headers or environ.get(OTEL_EXPORTER_OTLP_LOGS_HEADERS),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cdc472e3f2aa84ee Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:160
        environ[environ_key].lower().strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #090c90635adc4c7d Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:161
        if environ_key in environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea09d6ef828591f2 Filesystem access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:185
        with open(file_path, "rb") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26901bd501afd843 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:226
    _credential_env = environ.get(credential_entry_point_env_key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29daa1c45e965bbb Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:250
    certificate_file = environ.get(certificate_file_env_key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f19c3217fa5f55bf Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:252
        client_key_file = environ.get(client_key_file_env_key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac6850c9cc7b06dc Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:253
        client_certificate_file = environ.get(client_certificate_file_env_key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d543effeb2f26232 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:293
        self._endpoint = endpoint or environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d8a23ac5f1fb2c5 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:293
        self._endpoint = endpoint or environ.get(
            OTEL_EXPORTER_OTLP_ENDPOINT, "http://localhost:4317"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2d756639fd96073 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:301
        insecure_exporter = environ.get(OTEL_EXPORTER_OTLP_INSECURE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fca1a0e46d2149df Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:311
        self._headers = headers or environ.get(OTEL_EXPORTER_OTLP_HEADERS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a52039323414c824 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:335
            environ.get(OTEL_EXPORTER_OTLP_TIMEOUT, 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe1b27b4f689f9b3 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:113
        insecure_metrics = environ.get(OTEL_EXPORTER_OTLP_METRICS_INSECURE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f67e6c2c8bba057f Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:119
            and environ.get(OTEL_EXPORTER_OTLP_METRICS_CERTIFICATE) is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ec51e0f7e066297 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:129
        environ_timeout = environ.get(OTEL_EXPORTER_OTLP_METRICS_TIMEOUT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #161c366a4b6ffede Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:149
            or environ.get(OTEL_EXPORTER_OTLP_METRICS_ENDPOINT),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a76a4e65a0579f92 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:152
            headers=headers or environ.get(OTEL_EXPORTER_OTLP_METRICS_HEADERS),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43e536cdca537468 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/trace_exporter/__init__.py:99
        insecure_spans = environ.get(OTEL_EXPORTER_OTLP_TRACES_INSECURE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fdf2f04ee5435e27 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/trace_exporter/__init__.py:105
            and environ.get(OTEL_EXPORTER_OTLP_TRACES_CERTIFICATE) is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad56d359d8428d04 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/trace_exporter/__init__.py:115
        environ_timeout = environ.get(OTEL_EXPORTER_OTLP_TRACES_TIMEOUT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a119cf8395ab2837 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/trace_exporter/__init__.py:131
            or environ.get(OTEL_EXPORTER_OTLP_TRACES_ENDPOINT),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ad775ceab99fe1c Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/trace_exporter/__init__.py:134
            headers=headers or environ.get(OTEL_EXPORTER_OTLP_TRACES_HEADERS),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

mcp

python dependency
medium pii_flow dependency Excluded from app score #02585e8f85ac3a24 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/python/[email protected]/src/mcp/client/auth/oauth2.py:452 · flow /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/src/mcp/client/auth/oauth2.py:433 → /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/src/mcp/client/auth/oauth2.py:452
        return httpx.Request("POST", token_url, data=refresh_data, headers=headers)

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

expand_more 35 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #a374e806cac6d23f Environment-variable access.
pkgs/python/[email protected]/.github/actions/conformance/client.py:72
    context_json = os.environ.get("MCP_CONFORMANCE_CONTEXT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b4ba057181dd9de9 Environment-variable access.
pkgs/python/[email protected]/.github/actions/conformance/client.py:281
    context_json = os.environ.get("MCP_CONFORMANCE_CONTEXT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #86736e773e3d6859 Environment-variable access.
pkgs/python/[email protected]/.github/actions/conformance/client.py:349
    scenario = os.environ.get("MCP_CONFORMANCE_SCENARIO")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #52fee8523642c984 Environment-variable access.
pkgs/python/[email protected]/examples/clients/conformance-auth-client/mcp_conformance_auth_client/__init__.py:50
    context_json = os.environ.get("MCP_CONFORMANCE_CONTEXT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #003654b5a04dde75 Environment-variable access.
pkgs/python/[email protected]/examples/clients/simple-auth-client/mcp_simple_auth_client/main.py:343
    server_url = os.getenv("MCP_SERVER_PORT", 8000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7ab17c08d55d6a92 Environment-variable access.
pkgs/python/[email protected]/examples/clients/simple-auth-client/mcp_simple_auth_client/main.py:344
    transport_type = os.getenv("MCP_TRANSPORT_TYPE", "streamable-http")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #23db770376d2e10e Environment-variable access.
pkgs/python/[email protected]/examples/clients/simple-auth-client/mcp_simple_auth_client/main.py:345
    client_metadata_url = os.getenv("MCP_CLIENT_METADATA_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e312ee0092c6b1fa Environment-variable access.
pkgs/python/[email protected]/examples/clients/simple-chatbot/mcp_simple_chatbot/main.py:24
        self.api_key = os.getenv("LLM_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #5504ff088657fc47 Filesystem access.
pkgs/python/[email protected]/examples/clients/simple-chatbot/mcp_simple_chatbot/main.py:45
        with open(file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f382e34c991dcee6 Environment-variable access.
pkgs/python/[email protected]/examples/clients/simple-chatbot/mcp_simple_chatbot/main.py:83
            env={**os.environ, **self.config["env"]} if self.config.get("env") else None,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #5cb922c07d397e72 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/clients/simple-chatbot/mcp_simple_chatbot/main.py:251
                response = client.post(url, headers=headers, json=payload)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling reachable #8be5416ed83d7578 Filesystem access.
pkgs/python/[email protected]/examples/fastmcp/icons_demo.py:14
icon_data = base64.standard_b64encode(icon_path.read_bytes()).decode()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #c453cc3154e4f6e4 Environment-variable access.
pkgs/python/[email protected]/examples/fastmcp/memory.py:52
PROFILE_DIR = (Path.home() / ".fastmcp" / os.environ.get("USER", "anon") / "memory").resolve()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling reachable #b8cae87e301e3c91 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/fastmcp/text_me.py:49
        response = client.post(
            "https://api.surgemsg.com/messages",
            headers={
                "Authorization": f"Bearer {surge_settings.api_key}",
                "Surge-Account": surge_settings.account_id,
                "Content-Type": "application/json",
            },
            json={
                "body": text_content,
                "conversation": {
                    "contact": {
                        "first_name": surge_settings.my_first_name,
                        "last_name": surge_settings.my_last_name,
                        "phone_number": surge_settings.my_phone_number,
                    }
                },
            },
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #1a2c206be9134c65 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/servers/simple-auth/mcp_simple_auth/token_verifier.py:53
                response = await client.post(
                    self.introspection_endpoint,
                    data={"token": token},
                    headers={"Content-Type": "application/x-www-form-urlencoded"},
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #b457b800d1e61ad7 Environment-variable access.
pkgs/python/[email protected]/examples/snippets/clients/completion_client.py:17
    env={"UV_INDEX": os.environ.get("UV_INDEX", "")},

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e860962a61c7c8b5 Environment-variable access.
pkgs/python/[email protected]/examples/snippets/clients/display_utilities.py:17
    env={"UV_INDEX": os.environ.get("UV_INDEX", "")},

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #274633281a7208dc Environment-variable access.
pkgs/python/[email protected]/examples/snippets/clients/stdio_client.py:19
    env={"UV_INDEX": os.environ.get("UV_INDEX", "")},

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #daa5a8010100b9ab Filesystem access.
pkgs/python/[email protected]/examples/snippets/servers/binary_resources.py:9
    with open("logo.png", "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #89ea94194c76ac26 Filesystem access.
pkgs/python/[email protected]/examples/snippets/servers/embedded_resource_results.py:10
    with open(path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4ee6668707e966a1 Filesystem access.
pkgs/python/[email protected]/examples/snippets/servers/embedded_resource_results_binary.py:12
    with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0c6891caede50eac Filesystem access.
pkgs/python/[email protected]/examples/snippets/servers/prompt_embedded_resources.py:11
    file_content = open(filename).read()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9e4baf316e470917 Filesystem access.
pkgs/python/[email protected]/examples/snippets/servers/tool_errors.py:27
    with open(path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a8986e1d31658c4a Filesystem access.
pkgs/python/[email protected]/scripts/update_doc_snippets.py:53
        code = file.read_text().rstrip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #6ea36ef1cf585694 Filesystem access.
pkgs/python/[email protected]/scripts/update_doc_snippets.py:109
    content = doc_path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #18c327c9b24c8f14 Filesystem access.
pkgs/python/[email protected]/scripts/update_doc_snippets.py:134
            doc_path.write_text(updated_content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7eab8b0c59e7b24 Environment-variable access.
pkgs/python/[email protected]/src/mcp/cli/claude.py:24
        path = Path(os.environ.get("XDG_CONFIG_HOME", Path.home() / ".config"), "Claude")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #abd45c553f3e2bc1 Filesystem access.
pkgs/python/[email protected]/src/mcp/cli/claude.py:77
            config_file.write_text("{}")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0cb384da027397dc Filesystem access.
pkgs/python/[email protected]/src/mcp/cli/claude.py:88
        config = json.loads(config_file.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #baa865155f0a8dec Filesystem access.
pkgs/python/[email protected]/src/mcp/cli/claude.py:135
        config_file.write_text(json.dumps(config, indent=2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #940e8ed068dfa814 Environment-variable access.
pkgs/python/[email protected]/src/mcp/cli/cli.py:282
            env=dict(os.environ.items()),  # Convert to list of tuples for env update

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #2a55274f876c09ac Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/mcp/client/sse.py:138
                                    response = await client.post(
                                        endpoint_url,
                                        json=session_message.message.model_dump(
                                            by_alias=True,
                                            mode="json",
                                            exclude_none=True,
                                        ),
                                    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #7b2d41e83fb1e121 Environment-variable access.
pkgs/python/[email protected]/src/mcp/client/stdio/__init__.py:59
        value = os.environ.get(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cfbf0572795a6bff Filesystem access.
pkgs/python/[email protected]/src/mcp/server/fastmcp/utilities/types.py:47
            with open(self.path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #037c6c9d3e22054b Filesystem access.
pkgs/python/[email protected]/src/mcp/server/fastmcp/utilities/types.py:94
            with open(self.path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

aiohttp

python dependency
expand_more 29 low-confidence finding(s)
low env_fs dependency Excluded from app score #53988b7e4ddc61f1 Filesystem access.
pkgs/python/[email protected]/aiohttp/cookiejar.py:207
        with open(
            file_path,
            mode="w",
            encoding="utf-8",
            opener=lambda path, flags: os.open(path, flags, 0o600),
        ) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #973813be97e2a47a Environment-variable access.
pkgs/python/[email protected]/aiohttp/helpers.py:73
NO_EXTENSIONS = bool(os.environ.get("AIOHTTP_NO_EXTENSIONS"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe11b737a456906e Environment-variable access.
pkgs/python/[email protected]/aiohttp/helpers.py:82
    not sys.flags.ignore_environment and bool(os.environ.get("PYTHONASYNCIODEBUG"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31f6298f880f4364 Environment-variable access.
pkgs/python/[email protected]/aiohttp/helpers.py:228
    netrc_env = os.environ.get("NETRC")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #abe4289682c131ae Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/aiohttp/test_utils.py:347
        resp = await self._session.request(method, self.make_url(path), **kwargs)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #c80233644fa7b1d0 Environment-variable access.
pkgs/python/[email protected]/aiohttp/web_fileresponse.py:50
NOSENDFILE: Final[bool] = bool(os.environ.get("AIOHTTP_NOSENDFILE"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #4becdaebbc6176ba Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/docs/code/client_middleware_cookbook.py:39
    async with req.session.post("/log", data=req.url.host, middlewares=()) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #974776f367c66986 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/docs/code/client_middleware_cookbook.py:65
                async with req.session.post(url, data=self.refresh_token) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #2124312f5829a31e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/docs/code/client_middleware_cookbook.py:87
                    async with req.session.post(url, data=self.refresh_token) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #aef7a2c956bde19b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/docs/code/client_middleware_cookbook.py:100
            async with session.post("/refresh") as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #eae81f8507a97baa Environment-variable access.
pkgs/python/[email protected]/docs/conf.py:21
    os.getenv("READTHEDOCS", "False") == "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #749d8ce0327bac55 Environment-variable access.
pkgs/python/[email protected]/docs/conf.py:22
    and os.environ["READTHEDOCS_VERSION_TYPE"] == "tag"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #183c6eaf11639c77 Filesystem access.
pkgs/python/[email protected]/docs/conf.py:31
with open(_version_path, encoding="latin1") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #71ad8641890f5673 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/curl.py:12
        async with session.request("GET", url) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #317b156931805453 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/logging_middleware.py:139
        async with session.post("http://localhost:8080/echo", json=payload) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #9b2a6d8284c00c2f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/retry_middleware.py:179
        await session.post("http://localhost:8080/reset")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #d3f325ba11ff33f9 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/retry_middleware.py:210
        await session.post("http://localhost:8080/reset")  # Reset counters

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #bb0a549ea65549b4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/token_refresh_middleware.py:65
            async with session.post(
                self.token_endpoint,
                json={"refresh_token": self.refresh_token},
                middlewares=(),  # Disable middleware for this request
            ) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #a35dfd31dd3c0ca6 Filesystem access.
pkgs/python/[email protected]/examples/web_ws.py:20
        with open(WS_FILE, "rb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #784254c6ccc2476a Filesystem access.
pkgs/python/[email protected]/requirements/sync-direct-runtime-deps.py:12
data = tomllib.loads(Path("pyproject.toml").read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bbac53c5d8947198 Filesystem access.
pkgs/python/[email protected]/requirements/sync-direct-runtime-deps.py:19
with open(Path("requirements", "runtime-deps.in"), "w") as outfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b3820242dab0bc7 Environment-variable access.
pkgs/python/[email protected]/setup.py:13
    os.environ.get("AIOHTTP_USE_SYSTEM_DEPS", os.environ.get("USE_SYSTEM_DEPS"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8035019e024d875a Environment-variable access.
pkgs/python/[email protected]/setup.py:15
NO_EXTENSIONS: bool = bool(os.environ.get("AIOHTTP_NO_EXTENSIONS"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b37b851796e96f48 Environment-variable access.
pkgs/python/[email protected]/setup.py:16
CYTHON_TRACING: bool = bool(os.environ.get("AIOHTTP_CYTHON_TRACE"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #887096ed821339f2 Filesystem access.
pkgs/python/[email protected]/tools/check_sum.py:30
        hasher.update(full_src.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d3fd0dbb735eaa80 Filesystem access.
pkgs/python/[email protected]/tools/check_sum.py:37
        dst_hash = dst.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0a70361be3579069 Filesystem access.
pkgs/python/[email protected]/tools/check_sum.py:41
        dst.write_text(src_hash)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #73006698382d4a6c Filesystem access.
pkgs/python/[email protected]/tools/cleanup_changes.py:30
    changes = (root / "CHANGES.rst").read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9a7acaf3778859a1 Filesystem access.
pkgs/python/[email protected]/tools/gen.py:16
    code = compile(hdrs_file.read_text(), str(hdrs_file), "exec")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

anthropic

python dependency
expand_more 122 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #d3d60ae28f5a2ed9 Environment-variable access.
pkgs/python/[email protected]/examples/agents.py:9
    anthropic = Anthropic(api_key=os.environ.get("ANTHROPIC_API_KEY"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low pii_flow tooling Excluded from app score unreachable #a1d51aaf0b287ba3 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
pkgs/python/[email protected]/examples/agents.py:15 · flow /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/examples/agents.py:9 → /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/examples/agents.py:15
    print("Created environment:", environment.id)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow tooling Excluded from app score unreachable #3d63fa4560b4516a PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
pkgs/python/[email protected]/examples/agents.py:22 · flow /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/examples/agents.py:9 → /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/examples/agents.py:22
    print("Created agent:", agent.id)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow tooling Excluded from app score unreachable #25ebc86208094992 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
pkgs/python/[email protected]/examples/agents.py:29 · flow /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/examples/agents.py:9 → /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/examples/agents.py:29
    print("Created session:", session.id)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow tooling Excluded from app score unreachable #63a68d0014a5ef62 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
pkgs/python/[email protected]/examples/agents.py:45 · flow /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/examples/agents.py:9 → /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/examples/agents.py:45
            print(event.to_json(indent=2))

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low env_fs tooling Excluded from app score unreachable #091dae043dd548e3 Environment-variable access.
pkgs/python/[email protected]/examples/agents_comprehensive.py:18
    anthropic = Anthropic(api_key=os.environ.get("ANTHROPIC_API_KEY"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d670c377c8f26b0b Environment-variable access.
pkgs/python/[email protected]/examples/agents_comprehensive.py:20
    github_token = os.environ.get("GITHUB_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low pii_flow tooling Excluded from app score unreachable #4d418037585b9c32 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
pkgs/python/[email protected]/examples/agents_comprehensive.py:28 · flow /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/examples/agents_comprehensive.py:18 → /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/examples/agents_comprehensive.py:28
    print("Created environment:", environment.id)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow tooling Excluded from app score unreachable #621d94a134e7967f PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
pkgs/python/[email protected]/examples/agents_comprehensive.py:32 · flow /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/examples/agents_comprehensive.py:18 → /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/examples/agents_comprehensive.py:32
    print("Created vault:", vault.id)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow tooling Excluded from app score unreachable #720840ea802f2734 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
pkgs/python/[email protected]/examples/agents_comprehensive.py:43 · flow /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/examples/agents_comprehensive.py:18 → /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/examples/agents_comprehensive.py:43
    print("Created credential:", credential.id)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low env_fs tooling Excluded from app score unreachable #72e59b4facf1f130 Filesystem access.
pkgs/python/[email protected]/examples/agents_comprehensive.py:47
    with open(skill_md_path, "rb") as skill_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low pii_flow tooling Excluded from app score unreachable #a329f95482f48f7b PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
pkgs/python/[email protected]/examples/agents_comprehensive.py:52 · flow /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/examples/agents_comprehensive.py:18 → /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/examples/agents_comprehensive.py:52
    print("Created skill:", skill.id)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow tooling Excluded from app score unreachable #1c495a3612be7f03 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
pkgs/python/[email protected]/examples/agents_comprehensive.py:75 · flow /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/examples/agents_comprehensive.py:18 → /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/examples/agents_comprehensive.py:75
    print("Created agent v1:", agent_v1.id)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow tooling Excluded from app score unreachable #2af76b4f31920f9e PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
pkgs/python/[email protected]/examples/agents_comprehensive.py:86 · flow /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/examples/agents_comprehensive.py:18 → /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/examples/agents_comprehensive.py:86
    print("Patched agent to v2:", agent.id)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow tooling Excluded from app score unreachable #1801bc6953de2c57 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
pkgs/python/[email protected]/examples/agents_comprehensive.py:89 · flow /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/examples/agents_comprehensive.py:18 → /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/examples/agents_comprehensive.py:89
    print("Agent versions:", versions.data)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow tooling Excluded from app score unreachable #6c19ad44bf1c2e61 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
pkgs/python/[email protected]/examples/agents_comprehensive.py:97 · flow /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/examples/agents_comprehensive.py:18 → /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/examples/agents_comprehensive.py:97
    print("Created session:", session.id)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow tooling Excluded from app score unreachable #8f324b7a1ff0c9cf PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
pkgs/python/[email protected]/examples/agents_comprehensive.py:108 · flow /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/examples/agents_comprehensive.py:18 → /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/examples/agents_comprehensive.py:108
            print(event.to_json(indent=2))

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low env_fs tooling Excluded from app score unreachable #844db3ece54f3b77 Environment-variable access.
pkgs/python/[email protected]/examples/agents_with_files.py:10
    anthropic = Anthropic(api_key=os.environ.get("ANTHROPIC_API_KEY"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low pii_flow tooling Excluded from app score unreachable #82535128cfa40f02 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
pkgs/python/[email protected]/examples/agents_with_files.py:16 · flow /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/examples/agents_with_files.py:10 → /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/examples/agents_with_files.py:16
    print("Created environment:", environment.id)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow tooling Excluded from app score unreachable #4df7579374ad395f PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
pkgs/python/[email protected]/examples/agents_with_files.py:32 · flow /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/examples/agents_with_files.py:10 → /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/examples/agents_with_files.py:32
    print("Created agent:", agent.id)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow tooling Excluded from app score unreachable #0943d92667d2fd7e PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
pkgs/python/[email protected]/examples/agents_with_files.py:38 · flow /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/examples/agents_with_files.py:10 → /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/examples/agents_with_files.py:38
    print("Uploaded file:", file.id)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow tooling Excluded from app score unreachable #bec282065d9fc910 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
pkgs/python/[email protected]/examples/agents_with_files.py:52 · flow /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/examples/agents_with_files.py:10 → /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/examples/agents_with_files.py:52
    print("Created session:", session.id)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow tooling Excluded from app score unreachable #77f1fc6b16324412 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
pkgs/python/[email protected]/examples/agents_with_files.py:55 · flow /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/examples/agents_with_files.py:10 → /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/examples/agents_with_files.py:55
    print("Listed session resources:", resources.data)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow tooling Excluded from app score unreachable #01a8083605fcc068 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
pkgs/python/[email protected]/examples/agents_with_files.py:76 · flow /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/examples/agents_with_files.py:10 → /tmp/closeopen-qx_hh4y0/pkgs/python/[email protected]/examples/agents_with_files.py:76
            print(event.to_json(indent=2))

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low env_fs tooling Excluded from app score unreachable #75005db4915b9619 Environment-variable access.
pkgs/python/[email protected]/examples/managed-agents-observe-tool-calls.py:46
    val = os.environ.get(name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b4430c7f0923b745 Environment-variable access.
pkgs/python/[email protected]/examples/managed-agents-observe-tool-calls.py:64
    workdir = os.environ.get("ANTHROPIC_WORKDIR", ".")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #11bf1443db50c8e7 Environment-variable access.
pkgs/python/[email protected]/examples/managed-agents-self-hosted-sandbox-worker.py:48
    val = os.environ.get(name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #51362dfc3f96e554 Environment-variable access.
pkgs/python/[email protected]/examples/managed-agents-self-hosted-sandbox-worker.py:60
    workdir = os.environ.get("ANTHROPIC_WORKDIR", ".")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #962b7bf34f1fdd50 Environment-variable access.
pkgs/python/[email protected]/examples/workload_identity.py:70
        identity_token_provider=lambda: os.environ["ANTHROPIC_IDENTITY_TOKEN"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #c5c9226f2f543aea Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/anthropic/_base_client.py:325
        return await self._client.request(self._page_cls, self._options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #a8a8fecda594ea47 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:107
    if api_key is not None and os.environ.get("ANTHROPIC_API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66f91a0c7099b916 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:109
    if auth_token is not None and os.environ.get("ANTHROPIC_AUTH_TOKEN"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d82077058b6ab8ba Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:214
            api_key = os.environ.get("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6bef4cb148398411 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:215
            auth_token = os.environ.get("ANTHROPIC_AUTH_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d2a93d876126bad Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:221
            webhook_key = os.environ.get("ANTHROPIC_WEBHOOK_SIGNING_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d2ecc5bffd65de9f Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:225
            base_url = os.environ.get("ANTHROPIC_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e98b0370a875446 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:234
        custom_headers_env = os.environ.get("ANTHROPIC_CUSTOM_HEADERS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80d689603753836b Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:634
            api_key = os.environ.get("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a368214d9548eeaf Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:635
            auth_token = os.environ.get("ANTHROPIC_AUTH_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d50ac30e56579326 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:641
            webhook_key = os.environ.get("ANTHROPIC_WEBHOOK_SIGNING_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #216481603bb0af7d Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:645
            base_url = os.environ.get("ANTHROPIC_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #deef5c9e993927d3 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:654
        custom_headers_env = os.environ.get("ANTHROPIC_CUSTOM_HEADERS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c4b4f93954c75c4 Filesystem access.
pkgs/python/[email protected]/src/anthropic/_files.py:69
            return (path.name, path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac4f0072b1f206fd Filesystem access.
pkgs/python/[email protected]/src/anthropic/_files.py:81
        return pathlib.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eec7aecb5e32b82c Filesystem access.
pkgs/python/[email protected]/src/anthropic/_files.py:111
            return (path.name, await path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c5e38a08853d74e Filesystem access.
pkgs/python/[email protected]/src/anthropic/_files.py:123
        return await anyio.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca433fc932419564 Filesystem access.
pkgs/python/[email protected]/src/anthropic/_legacy_response.py:464
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e3eafc7fa5e5f52 Filesystem access.
pkgs/python/[email protected]/src/anthropic/_legacy_response.py:477
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8bf2a0cbc44937eb Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_models.py:120
            extra="allow", defer_build=coerce_boolean(os.environ.get("DEFER_PYDANTIC_BUILD", "true"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd6bf703821be4eb Filesystem access.
pkgs/python/[email protected]/src/anthropic/_response.py:537
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92cfdd9f363f377f Filesystem access.
pkgs/python/[email protected]/src/anthropic/_response.py:579
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43917090a2c82adb Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_utils/_logs.py:17
    env = os.environ.get("ANTHROPIC_LOG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f6d6fea060915c4 Filesystem access.
pkgs/python/[email protected]/src/anthropic/_utils/_transform.py:250
            binary = data.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c930e981bdd094bb Filesystem access.
pkgs/python/[email protected]/src/anthropic/_utils/_transform.py:418
            binary = await anyio.Path(data).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #afc67cfc93c171d4 Filesystem access.
pkgs/python/[email protected]/src/anthropic/_utils/_utils.py:379
    contents = Path(path).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc7e40321f0624cf Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/_files.py:25
        files.append((path.relative_to(relative_to).as_posix(), path.read_bytes()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b082fd7fca84acec Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/_files.py:42
        files.append((path.relative_to(relative_to).as_posix(), await path.read_bytes()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #333777aba0b125bf Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/aws/_credentials.py:25
        value = os.environ.get(var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a6f83c58f2e1516 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/aws/_credentials.py:90
    return os.environ.get("AWS_REGION") or os.environ.get("AWS_DEFAULT_REGION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98cc89c5ee7098ab Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/bedrock/_client.py:77
    aws_region = os.environ.get("AWS_REGION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ec516e3aa596481 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/bedrock/_client.py:165
            api_key = os.environ.get("AWS_BEARER_TOKEN_BEDROCK")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76087fa8949e4e99 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/bedrock/_client.py:190
            base_url = os.environ.get("ANTHROPIC_BEDROCK_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32bdd11b77d94eeb Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/bedrock/_client.py:345
            api_key = os.environ.get("AWS_BEARER_TOKEN_BEDROCK")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f19cde398d530fc5 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/bedrock/_client.py:370
            base_url = os.environ.get("ANTHROPIC_BEDROCK_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f7f946ec991f7f7 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/bedrock/_mantle.py:144
        base_url = os.environ.get("ANTHROPIC_BEDROCK_MANTLE_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e030001c44d0798b Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:33
    federation_rule_id = os.environ.get(ENV_FEDERATION_RULE_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4cea9d86ce1aca88 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:34
    organization_id = os.environ.get(ENV_ORGANIZATION_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #681b54311d10342b Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:35
    has_literal_token = ENV_IDENTITY_TOKEN in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #adaf9694d243b24b Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:50
            value = os.environ.get(ENV_IDENTITY_TOKEN)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7fc3930a7c754986 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:65
        service_account_id=os.environ.get(ENV_SERVICE_ACCOUNT_ID),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6cf20203e64702e5 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:69
        workspace_id=os.environ.get(ENV_WORKSPACE_ID) or None,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61303f563eae025b Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:70
        scope=os.environ.get(ENV_SCOPE),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b525b4627f06b23 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:108
    if os.environ.get(ENV_API_KEY):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1881f857c6abc53 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:112
    auth_token = os.environ.get(ENV_AUTH_TOKEN)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cec01eab0fd3ea4c Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:119
    env_explicit = bool(os.environ.get(ENV_PROFILE) or os.environ.get(ENV_CONFIG_DIR))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e606d2b7e3b32c10 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_constants.py:78
    env = os.environ.get(ENV_CONFIG_DIR)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6039aee901dc025 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_constants.py:82
        appdata = os.environ.get("APPDATA")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1e4b61c85e3b27e Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_constants.py:92
        name = (_config_dir() / "active_config").read_text(encoding="utf-8").strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ac5d7cdadf631f7 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_constants.py:105
    env = os.environ.get(ENV_PROFILE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9bf0409598e3c8b3 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_constants.py:224
    env = os.environ.get(ENV_IDENTITY_TOKEN_FILE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #efa2f6b8d32f8575 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_constants.py:240
    if os.environ.get(ENV_PROFILE) or os.environ.get(ENV_CONFIG_DIR):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4d8c140e45596b2 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_constants.py:244
    if os.environ.get(ENV_FEDERATION_RULE_ID) and os.environ.get(ENV_ORGANIZATION_ID):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e60d19cdcd2fbad Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_constants.py:245
        if os.environ.get(ENV_IDENTITY_TOKEN_FILE) or os.environ.get(ENV_IDENTITY_TOKEN):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9406d41b640c4b16 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_providers.py:96
            v = os.environ.get(env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a627b76305853671 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_providers.py:110
            v = os.environ.get(ENV_IDENTITY_TOKEN_FILE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e332b98c1d580b4e Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_providers.py:136
        value = os.environ.get(self._env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19bde31b9b7fd0e3 Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_providers.py:284
            raw = self._config_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #adb87c028d239a47 Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_providers.py:374
            creds: Dict[str, Any] = _wrap_secret_fields(json.loads(path.read_text(encoding="utf-8")))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #4213a107768e5fde Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_providers.py:538
            resp = self._get_http_client().post(
                f"{self._base_url}{TOKEN_ENDPOINT}",
                # Serialized inline so the raw request bytes are never bound
                # to a local here; SecretStr values unwrap at dump time.
                content=_json_dumps_secrets(body),
                headers={
                    "Content-Type": "application/json",
                    # oauth-2025-04-20 unlocks the token endpoint family. Do
                    # NOT send oidc-federation-2026-04-01 — that's a routing
                    # switch that misroutes refresh_token grants to the Go
                    # userauth handler, which only accepts jwt-bearer.
                    "anthropic-beta": OAUTH_API_BETA_HEADER,
                    "User-Agent": _user_agent(),
                },
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #36e847feb605a4ea Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_providers.py:746
            content = self._path.read_text(encoding="utf-8").strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #ff8a300078c2783b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_workload.py:259
            resp = self._http_client.post(
                url,
                # Serialized inline so the raw request bytes are never bound
                # to a local here; SecretStr values unwrap at dump time.
                content=_json_dumps_secrets(body),
                headers={
                    "anthropic-beta": _JWT_BEARER_BETA_HEADER,
                    "Content-Type": "application/json",
                    "User-Agent": _user_agent(),
                },
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #975f8150ca3625fb Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/environments/_worker.py:160
    resolved = value or os.environ.get(env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b948bf1c46468deb Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/foundry.py:157
        api_key = api_key if api_key is not None else os.environ.get("ANTHROPIC_FOUNDRY_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f50fb214775b4d5e Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/foundry.py:158
        resource = resource if resource is not None else os.environ.get("ANTHROPIC_FOUNDRY_RESOURCE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2920c4fc88a19dfb Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/foundry.py:159
        base_url = base_url if base_url is not None else os.environ.get("ANTHROPIC_FOUNDRY_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f8e02415297fd762 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/foundry.py:382
        api_key = api_key if api_key is not None else os.environ.get("ANTHROPIC_FOUNDRY_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce6b2a983f8eaf6f Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/foundry.py:383
        resource = resource if resource is not None else os.environ.get("ANTHROPIC_FOUNDRY_RESOURCE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bcc23e50528d1e80 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/foundry.py:384
        base_url = base_url if base_url is not None else os.environ.get("ANTHROPIC_FOUNDRY_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e8ee96b8855babd Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/google_cloud/_client.py:247
            location = os.environ.get("ANTHROPIC_GOOGLE_CLOUD_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #741d5152d6599a43 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/google_cloud/_client.py:252
            project = os.environ.get("ANTHROPIC_GOOGLE_CLOUD_PROJECT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dfeb6450a33bf485 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/google_cloud/_client.py:254
            project = os.environ.get("GOOGLE_CLOUD_PROJECT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7af1ff455b6a0fbf Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/google_cloud/_client.py:260
            base_url = os.environ.get("ANTHROPIC_GOOGLE_CLOUD_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0bd41946353ab814 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/google_cloud/_client.py:266
            workspace_id = os.environ.get("ANTHROPIC_GOOGLE_CLOUD_WORKSPACE_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3162a2248a5ff80e Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/google_cloud/_client.py:493
            location = os.environ.get("ANTHROPIC_GOOGLE_CLOUD_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3bfe86c9985881b Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/google_cloud/_client.py:498
            project = os.environ.get("ANTHROPIC_GOOGLE_CLOUD_PROJECT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a7b4e23e780fc2d Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/google_cloud/_client.py:500
            project = os.environ.get("GOOGLE_CLOUD_PROJECT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f2b39485b774d10 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/google_cloud/_client.py:506
            base_url = os.environ.get("ANTHROPIC_GOOGLE_CLOUD_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #febac6c8642091a2 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/google_cloud/_client.py:510
            workspace_id = os.environ.get("ANTHROPIC_GOOGLE_CLOUD_WORKSPACE_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #572f9023ef8d2bfc Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/tools/_beta_builtin_memory_tool.py:356
        return full_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0dd9ec612a6405b5 Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/tools/_beta_builtin_memory_tool.py:653
        return await full_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #208088cbdf5ea3fd Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/tools/_skills.py:138
                with zf.open(info) as src, open(target, "wb") as out:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #23355ec5d91f30b1 Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/tools/_skills.py:164
            with extracted as src, open(target, "wb") as out:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #2a531d0ced61e2f2 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/tools/agent_toolset.py:123
    return {k: v for k, v in os.environ.items() if not k.startswith("ANTHROPIC_")}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ba775cd670bba57c Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/tools/agent_toolset.py:512
            text = target.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #52ce892e175bd206 Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/tools/agent_toolset.py:540
            target.write_text(content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4e9a49c2b330fc9e Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/tools/agent_toolset.py:570
            text = target.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #8d9fec391dc967db Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/tools/agent_toolset.py:582
            target.write_text(updated)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc985a5a2261c853 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/vertex/_client.py:46
        project_id = os.environ.get("ANTHROPIC_VERTEX_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6bd8540e5dd089b Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/vertex/_client.py:114
            region = os.environ.get("CLOUD_ML_REGION", NOT_GIVEN)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5725d07c97b93477 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/vertex/_client.py:121
            base_url = os.environ.get("ANTHROPIC_VERTEX_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16067ec8f53333b6 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/vertex/_client.py:278
            region = os.environ.get("CLOUD_ML_REGION", NOT_GIVEN)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #953937c4740cba4b Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/vertex/_client.py:285
            base_url = os.environ.get("ANTHROPIC_VERTEX_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

anyio

python dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #2efd543cda2f16ca Filesystem access.
pkgs/python/[email protected]/src/anyio/to_process.py:203
    sys.stdin = open(os.devnull)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55e74dd3aaf767d3 Filesystem access.
pkgs/python/[email protected]/src/anyio/to_process.py:204
    sys.stdout = open(os.devnull, "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

asyncpg

python dependency
expand_more 52 low-confidence finding(s)
low env_fs dependency Excluded from app score #15ca76b77073eafd Environment-variable access.
pkgs/python/[email protected]/asyncpg/_testbase/__init__.py:102
        if os.environ.get('USE_UVLOOP'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #84b29bc2ee5b0060 Environment-variable access.
pkgs/python/[email protected]/asyncpg/_testbase/__init__.py:246
        pg_host = os.environ.get('PGHOST')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91fed59b7c4a81f0 Environment-variable access.
pkgs/python/[email protected]/asyncpg/_testbase/__init__.py:352
        if not os.environ.get('PGHOST') and not kwargs.get('dsn'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e672ae7386dbbc69 Environment-variable access.
pkgs/python/[email protected]/asyncpg/_testbase/__init__.py:509
        if not os.environ.get('PGHOST') and not kwargs.get('dsn'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f92966ee4910c61a Environment-variable access.
pkgs/python/[email protected]/asyncpg/cluster.py:64
    if _system == 'Windows' and os.environ.get("GITHUB_ACTIONS"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9e0964742acc5d7 Environment-variable access.
pkgs/python/[email protected]/asyncpg/cluster.py:82
            os.environ.get('PGINSTALLATION')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6fe9dba926abba33 Environment-variable access.
pkgs/python/[email protected]/asyncpg/cluster.py:83
            or os.environ.get('PGBIN')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #46a7fdc6a2821908 Environment-variable access.
pkgs/python/[email protected]/asyncpg/cluster.py:215
            if os.getenv('ASYNCPG_DEBUG_SERVER'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4cf1e2a416a46b5 Environment-variable access.
pkgs/python/[email protected]/asyncpg/cluster.py:245
            if os.getenv('ASYNCPG_DEBUG_SERVER'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f8be9bf330116473 Filesystem access.
pkgs/python/[email protected]/asyncpg/cluster.py:377
            with open(pg_hba, 'w'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b3cc72c31ca11f88 Filesystem access.
pkgs/python/[email protected]/asyncpg/cluster.py:412
            with open(pg_hba, 'a') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56f132fb8d2b6753 Filesystem access.
pkgs/python/[email protected]/asyncpg/cluster.py:466
            with open(pidfile, 'rt') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #88b5fa00bf94db90 Environment-variable access.
pkgs/python/[email protected]/asyncpg/cluster.py:566
                os.environ.get('PGINSTALLATION')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #834036f0b5e7c8be Environment-variable access.
pkgs/python/[email protected]/asyncpg/cluster.py:567
                or os.environ.get('PGBIN')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0281798a6bd13b29 Environment-variable access.
pkgs/python/[email protected]/asyncpg/cluster.py:573
                pathenv = os.environ.get('PATH').split(os.pathsep)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7a091e080197fab Filesystem access.
pkgs/python/[email protected]/asyncpg/cluster.py:671
            with open(os.path.join(self._data_dir, 'recovery.conf'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b11162d89e55c8f Filesystem access.
pkgs/python/[email protected]/asyncpg/cluster.py:680
            f = open(os.path.join(self._data_dir, 'standby.signal'), 'w')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a08d0f8157ddfce Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:201
        portspec = os.environ.get('PGPORT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62e584d8e37544d6 Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:306
            connection_service_file = os.getenv('PGSERVICEFILE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2cdf5d7856d7d589 Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:555
        service = os.environ.get('PGSERVICE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1851215e085b42eb Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:557
        hostspec = os.environ.get('PGHOST')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6199067b80f37b79 Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:577
        portspec = os.environ.get('PGPORT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16be328b8ea381d9 Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:595
        user = os.getenv('PGUSER')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1594e60dc4b615d Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:600
        password = os.getenv('PGPASSWORD')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e27f553b653ce6a5 Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:603
        database = os.getenv('PGDATABASE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97e0fa6c882b506c Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:618
            passfile = os.getenv('PGPASSFILE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b93ae7967a110c8 Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:653
        ssl = os.getenv('PGSSLMODE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54b66a6563adf9a5 Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:664
            sslnegotiation = os.environ.get("PGSSLNEGOTIATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b1b8b30845178b1 Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:699
                    sslrootcert = os.getenv('PGSSLROOTCERT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55431e27d9d828de Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:745
                    sslcrl = os.getenv('PGSSLCRL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43f20bff60573989 Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:764
                sslkey = os.getenv('PGSSLKEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f779b8249169ba4 Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:772
                sslcert = os.getenv('PGSSLCERT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b771f9376f45d2f Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:791
                keylogfile = os.environ.get('SSLKEYLOGFILE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f974ce87286931eb Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:796
                ssl_min_protocol_version = os.getenv('PGSSLMINPROTOCOLVERSION')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6c96c86fe6db0a5 Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:805
                ssl_max_protocol_version = os.getenv('PGSSLMAXPROTOCOLVERSION')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96ad88708686b07a Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:826
        target_session_attrs = os.getenv(
            "PGTARGETSESSIONATTRS", SessionAttribute.any
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #addb7879fa95b189 Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:841
        krbsrvname = os.getenv('PGKRBSRVNAME')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6575b1e30d1404b3 Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:844
        gsslib = os.getenv('PGGSSLIB')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f520d9bbe797bdd5 Filesystem access.
pkgs/python/[email protected]/docs/conf.py:11
with open(version_file, 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43e6c243940a04f8 Filesystem access.
pkgs/python/[email protected]/setup.py:40
with open(str(_ROOT / 'README.rst')) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4b2e33ea8043c72 Filesystem access.
pkgs/python/[email protected]/setup.py:44
with open(str(_ROOT / 'asyncpg' / '_version.py')) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e58e38d4512692a1 Environment-variable access.
pkgs/python/[email protected]/setup.py:60
        v = os.environ.get('PATH')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #348fce539f756314 Filesystem access.
pkgs/python/[email protected]/setup.py:82
        with open(str(filename)) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f98a1a0d3e3dbd69 Filesystem access.
pkgs/python/[email protected]/setup.py:89
        with open(str(filename), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #435b243e03d04f34 Environment-variable access.
pkgs/python/[email protected]/setup.py:137
        if os.environ.get('ASYNCPG_DEBUG'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eef546343e649687 Environment-variable access.
pkgs/python/[email protected]/setup.py:159
            self.cython_always = bool(os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39b6049ab045515b Environment-variable access.
pkgs/python/[email protected]/setup.py:159
            self.cython_always = bool(os.environ.get(
                "ASYNCPG_BUILD_CYTHON_ALWAYS"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f0414f428f8bcd4 Environment-variable access.
pkgs/python/[email protected]/setup.py:163
            self.cython_annotate = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5761b3055dce0f99 Environment-variable access.
pkgs/python/[email protected]/setup.py:163
            self.cython_annotate = os.environ.get(
                "ASYNCPG_BUILD_CYTHON_ANNOTATE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a59ebcb452d5ab3 Environment-variable access.
pkgs/python/[email protected]/setup.py:167
            self.cython_directives = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf3a2e4f045e0459 Environment-variable access.
pkgs/python/[email protected]/setup.py:167
            self.cython_directives = os.environ.get(
                "ASYNCPG_BUILD_CYTHON_DIRECTIVES")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c87aef5494fc0306 Environment-variable access.
pkgs/python/[email protected]/setup.py:239
    or os.environ.get("ASYNCPG_BUILD_CYTHON_ALWAYS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

authlib

python dependency
expand_more 14 low-confidence finding(s)
low env_fs dependency Excluded from app score #4a74a44a95be655c Environment-variable access.
pkgs/python/[email protected]/authlib/common/security.py:15
    if os.getenv("AUTHLIB_INSECURE_TRANSPORT"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #2a0a345a3cc8b42c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/authlib/integrations/base_client/async_app.py:79
                resp = await client.request(
                    "GET", self._server_metadata_url, withhold_token=True
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #d17bc4216ed671a2 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/authlib/integrations/base_client/async_app.py:144
        return await session.request(method, url, **kwargs)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #2208114f03c8789a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/authlib/integrations/base_client/async_app.py:152
    return await session.request(method, url, **kwargs)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #12be02715d97a8d8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/authlib/integrations/base_client/async_openid.py:26
            resp = await client.request("GET", uri, withhold_token=True)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #79831f3f3a929b56 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/authlib/integrations/base_client/sync_app.py:80
            return session.request(method, url, **kwargs)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #45c925b9af148b85 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/authlib/integrations/base_client/sync_app.py:89
        return session.request(method, url, **kwargs)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #8b12720fe9586273 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/authlib/integrations/base_client/sync_app.py:329
                resp = session.request(
                    "GET", self._server_metadata_url, withhold_token=True
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #32d8e33880f51020 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/authlib/integrations/base_client/sync_openid.py:24
            resp = session.request("GET", uri, withhold_token=True)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #05d2e3632012e4f4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/authlib/oauth1/client.py:149
        resp = self.session.post(url, auth=self.auth, **kwargs)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #25b6ca23fb1051ad Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/authlib/oauth2/client.py:430
            resp = self.session.post(
                url, data=dict(url_decode(body)), headers=headers, auth=auth, **kwargs
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #19f2ca7297b177a1 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/authlib/oauth2/client.py:438
            resp = self.session.request(
                method, url, headers=headers, auth=auth, **kwargs
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #47167610e44d0999 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/authlib/oauth2/client.py:513
        return self.session.post(
            url, data=dict(url_decode(body)), headers=headers, auth=auth, **kwargs
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #1b0e48ca8d77e69a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/authlib/oauth2/rfc7521/client.py:99
        resp = self.session.request(
            "POST", self.token_endpoint, data=data, withhold_token=True
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

bashlex

python dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #a866cd55a9e7144f Filesystem access.
pkgs/python/[email protected]/bashlex/yacc.py:2347
                debuglog = PlyLogger(open(debugfile, 'w'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

binaryornot

python dependency
expand_more 9 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #31f7280c03ef3a60 Filesystem access.
pkgs/python/[email protected]/scripts/generate_fixtures.py:20
    with open(path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #8e0464d6eff25fb2 Filesystem access.
pkgs/python/[email protected]/scripts/generate_fixtures.py:36
            with open(path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #bfaec2d8a75db1c0 Filesystem access.
pkgs/python/[email protected]/scripts/generate_fixtures.py:158
        with open(test_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7fa99d42630bed55 Environment-variable access.
pkgs/python/[email protected]/scripts/generate_fixtures.py:165
                **os.environ,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9baea703980d54a4 Filesystem access.
pkgs/python/[email protected]/scripts/train_detector.py:442
    with open(path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #257913e0302f2046 Filesystem access.
pkgs/python/[email protected]/scripts/train_detector.py:510
        with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #2b95b46bfe8dd633 Filesystem access.
pkgs/python/[email protected]/scripts/train_detector.py:591
            with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #62dfde3abd5887ac Filesystem access.
pkgs/python/[email protected]/scripts/train_detector.py:599
            with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #278345ab5caba92a Filesystem access.
pkgs/python/[email protected]/src/binaryornot/helpers.py:89
    with open(filename, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

boto3

python dependency
expand_more 4 low-confidence finding(s)
low env_fs tooling reachable #1269dbc298f5f48a Filesystem access.
pkgs/python/[email protected]/boto3/docs/__init__.py:50
        with open(service_doc_path, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #b31636faf8bade8c Filesystem access.
pkgs/python/[email protected]/boto3/docs/service.py:200
            with open(examples_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #307a9b9cc04ea8fa Filesystem access.
pkgs/python/[email protected]/setup.py:24
    init = open(os.path.join(ROOT, 'boto3', '__init__.py')).read()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b18ee84249c608ca Filesystem access.
pkgs/python/[email protected]/setup.py:32
    long_description=open('README.rst').read(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

browsergym-core

python dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #064df2fc92190065 Filesystem access.
pkgs/python/[email protected]/src/browsergym/core/chat.py:81
    with open(chatbox_dir / "chatbox_modern.html", "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9a3ee190ce98084 Filesystem access.
pkgs/python/[email protected]/src/browsergym/core/chat.py:88
    with open(chatbox_dir / "chatbox.html", "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f471de2255d9b07f Filesystem access.
pkgs/python/[email protected]/src/browsergym/core/chat.py:90
    with open(chatbox_dir / "assistant.png", "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

deprecation

python dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #62decabaa83c1885 Filesystem access.
pkgs/python/[email protected]/setup.py:11
    with open("deprecation.py", "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87928b23cf5c2634 Filesystem access.
pkgs/python/[email protected]/setup.py:36
      long_description=io.open("README.rst", encoding="utf-8").read(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

dirhash

python dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #a11b2d176d3954aa Filesystem access.
pkgs/python/[email protected]/setup.py:11
    with open(os.path.join(PROJECT_ROOT, "README.md"), encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #36294b05369bbbaf Filesystem access.
pkgs/python/[email protected]/src/dirhash/__init__.py:587
    with open(filepath, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

docker

python dependency
expand_more 20 low-confidence finding(s)
low env_fs dependency Excluded from app score #741e3ad0b9b2ec06 Filesystem access.
pkgs/python/[email protected]/docker/api/build.py:153
                with open(dockerignore) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44eec3a53d586317 Filesystem access.
pkgs/python/[email protected]/docker/api/build.py:370
        with open(abs_dockerfile) as df:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ad480002bb2bfe8 Filesystem access.
pkgs/python/[email protected]/docker/api/image.py:141
            with open(src, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db0a47e5da50515a Filesystem access.
pkgs/python/[email protected]/docker/auth.py:159
                with open(config_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3b10424c76e2a73 Filesystem access.
pkgs/python/[email protected]/docker/auth.py:356
        with open(config_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb74f6b40bbb01e4 Filesystem access.
pkgs/python/[email protected]/docker/context/api.py:115
                            open(os.path.join(dirname, filename)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86e82ca900ccd89d Filesystem access.
pkgs/python/[email protected]/docker/context/config.py:17
            with open(docker_cfg_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #089eea8cac9f12ea Filesystem access.
pkgs/python/[email protected]/docker/context/config.py:31
            with open(docker_cfg_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #730d162b8f910ce3 Filesystem access.
pkgs/python/[email protected]/docker/context/config.py:43
        with open(docker_cfg_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7aff314ea71e2c8b Filesystem access.
pkgs/python/[email protected]/docker/context/context.py:100
            with open(meta_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9ca43c908302ffb Filesystem access.
pkgs/python/[email protected]/docker/context/context.py:150
        with open(get_meta_file(self.name), "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f9a3576c98487ee Environment-variable access.
pkgs/python/[email protected]/docker/credentials/utils.py:8
    result = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e4188f76d101f7a Environment-variable access.
pkgs/python/[email protected]/docker/transport/sshconn.py:50
        env = dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #83811c98059f6a66 Filesystem access.
pkgs/python/[email protected]/docker/transport/sshconn.py:197
            with open(ssh_config_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29940ba0d546013f Filesystem access.
pkgs/python/[email protected]/docker/utils/build.py:102
                with open(full_path, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc212cd1b04bb7e1 Environment-variable access.
pkgs/python/[email protected]/docker/utils/config.py:34
    config_dir = os.environ.get('DOCKER_CONFIG')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c070b09ce184fa9 Environment-variable access.
pkgs/python/[email protected]/docker/utils/config.py:46
        return os.environ.get('USERPROFILE', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1f91acf0d8446ce Filesystem access.
pkgs/python/[email protected]/docker/utils/config.py:58
        with open(config_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c85c3f1e651d5a04 Environment-variable access.
pkgs/python/[email protected]/docker/utils/utils.py:355
        environment = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fcdbcd1c81ba3959 Filesystem access.
pkgs/python/[email protected]/docker/utils/utils.py:465
    with open(env_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

fastapi

python dependency
expand_more 74 low-confidence finding(s)
low egress dependency Excluded from app score #d8a4ba7ccca06134 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/docs_src/app_testing/app_b_an_py310/test_main.py:31
    response = client.post(
        "/items/",
        headers={"X-Token": "coneofsilence"},
        json={"id": "foobar", "title": "Foo Bar", "description": "The Foo Barters"},
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #d673a866a809a5da Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/docs_src/app_testing/app_b_an_py310/test_main.py:45
    response = client.post(
        "/items/",
        headers={"X-Token": "hailhydra"},
        json={"id": "bazz", "title": "Bazz", "description": "Drop the bazz"},
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #9378e480b1a94d1b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/docs_src/app_testing/app_b_an_py310/test_main.py:55
    response = client.post(
        "/items/",
        headers={"X-Token": "coneofsilence"},
        json={
            "id": "foo",
            "title": "The Foo ID Stealers",
            "description": "There goes my stealer",
        },
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #89dda499571aa58f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/docs_src/app_testing/app_b_py310/test_main.py:31
    response = client.post(
        "/items/",
        headers={"X-Token": "coneofsilence"},
        json={"id": "foobar", "title": "Foo Bar", "description": "The Foo Barters"},
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #17c27e24464ceb3f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/docs_src/app_testing/app_b_py310/test_main.py:45
    response = client.post(
        "/items/",
        headers={"X-Token": "hailhydra"},
        json={"id": "bazz", "title": "Bazz", "description": "Drop the bazz"},
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #a089e3c1065b8dff Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/docs_src/app_testing/app_b_py310/test_main.py:55
    response = client.post(
        "/items/",
        headers={"X-Token": "coneofsilence"},
        json={
            "id": "foo",
            "title": "The Foo ID Stealers",
            "description": "There goes my stealer",
        },
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #cd09ad42fe2a18e5 Filesystem access.
pkgs/python/[email protected]/docs_src/background_tasks/tutorial001_py310.py:7
    with open("log.txt", mode="w") as email_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1147bc8601cfc12f Filesystem access.
pkgs/python/[email protected]/docs_src/background_tasks/tutorial002_an_py310.py:9
    with open("log.txt", mode="a") as log:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c035f638229be21d Filesystem access.
pkgs/python/[email protected]/docs_src/background_tasks/tutorial002_py310.py:7
    with open("log.txt", mode="a") as log:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c40b95d6a56440d6 Filesystem access.
pkgs/python/[email protected]/docs_src/custom_response/tutorial008_py310.py:11
        with open(some_file_path, mode="rb") as file_like:  # (2)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18b9aac46dc1e886 Filesystem access.
pkgs/python/[email protected]/docs_src/events/tutorial002_py310.py:8
    with open("log.txt", mode="a") as log:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc26df015a64f360 Filesystem access.
pkgs/python/[email protected]/docs_src/generate_clients/tutorial004_py310.py:5
openapi_content = json.loads(file_path.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3bd62f84ec7ce59c Filesystem access.
pkgs/python/[email protected]/docs_src/generate_clients/tutorial004_py310.py:15
file_path.write_text(json.dumps(openapi_content))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f6241032cb4859a7 Filesystem access.
pkgs/python/[email protected]/scripts/add_latest_release_date.py:12
    with open(RELEASE_NOTES_FILE) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f994c14c45467db2 Filesystem access.
pkgs/python/[email protected]/scripts/add_latest_release_date.py:31
        with open(RELEASE_NOTES_FILE, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #925367da125b8bda Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/scripts/contributors.py:129
    response = httpx.post(
        github_graphql_url,
        headers=headers,
        timeout=settings.httpx_timeout,
        json={"query": query, "variables": variables, "operationName": "Q"},
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #efa020ea5f9b8ad0 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/scripts/contributors.py:129
    response = httpx.post(
        github_graphql_url,
        headers=headers,
        timeout=settings.httpx_timeout,
        json={"query": query, "variables": variables, "operationName": "Q"},
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #b4b209d48c33e30c Filesystem access.
pkgs/python/[email protected]/scripts/contributors.py:227
    old_content = content_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b6437d949c647df2 Filesystem access.
pkgs/python/[email protected]/scripts/contributors.py:233
    content_path.write_text(new_content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #1c246aa4d0e68cce Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:105
    return yaml.unsafe_load(en_config_path.read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #db46904502cec872 Environment-variable access.
pkgs/python/[email protected]/scripts/docs.py:129
    os.environ["DYLD_FALLBACK_LIBRARY_PATH"] = "/opt/homebrew/lib"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #dcf492e567079e0b Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:143
    new_llm_prompt_path.write_text("", encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d7045ba6fba06b8c Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:223
    missing_translation = (docs_path / "missing-translation.md").read_text(
        encoding="utf-8"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #85b72a2ec488b362 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:229
    translation_banner = translation_banner_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #bfdce39652eb7065 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:236
                markdown = translated_file.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #5fd070d0a1f3f510 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:238
                    staged_file.write_text(markdown, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ddc56a1b8a89b367 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:242
                staged_file.write_text(
                    add_markdown_notice(markdown, banner), encoding="utf-8"
                )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #14426ccb250e7640 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:246
                markdown = staged_file.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #455b98f5afab7cac Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:247
                staged_file.write_text(
                    add_markdown_notice(markdown, missing_translation),
                    encoding="utf-8",
                )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #104f3263af56f07f Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:277
    config_path.write_text(
        yaml.dump(config, sort_keys=False, width=200, allow_unicode=True),
        encoding="utf-8",
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #08dcc6d9561386ad Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:295
    config = yaml.unsafe_load(config_path.read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #fc92b5aadb1f0626 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:349
    content = en_index.read_text("utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #8f6b4945b6fe126a Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:355
    sponsors = yaml.safe_load(sponsors_data_path.read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #678e3b0b5f40a7d7 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:384
    old_content = readme_path.read_text("utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #77f59e0cfecba495 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:389
        readme_path.write_text(new_content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ef567ce02b96cea0 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:430
        en_config_path.write_text(
            yaml.dump(updated_config, sort_keys=False, width=200, allow_unicode=True),
            encoding="utf-8",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #cff2480d8bad8874 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:488
        language_names_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #88de71ce706442a3 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:542
    sponsors = yaml.safe_load(sponsors_path.read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7e8e256c182220ca Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:553
    old_content = partial_path.read_text("utf-8") if partial_path.is_file() else ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #51cc4c51e348ea29 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:558
        partial_path.write_text(new_content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #98bc51c74f8e8a88 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:609
    base_content = file_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #fab004420e2a7fbc Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:657
        version_file.write_text(content_format, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #04775bfb65e118d7 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:713
        content = md_file.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d4c415f3ec70b5e9 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:720
            md_file.write_text(new_content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #bf58a8eb869f2a4a Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:735
        all_docs_content += md_file.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #f9553f1095f32138 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/scripts/notify_translations.py:218
    response = httpx.post(
        github_graphql_url,
        headers=headers,
        timeout=settings.httpx_timeout,
        json={"query": query, "variables": variables, "operationName": "Q"},
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #aff24b628b8ec8c4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/scripts/notify_translations.py:218
    response = httpx.post(
        github_graphql_url,
        headers=headers,
        timeout=settings.httpx_timeout,
        json={"query": query, "variables": variables, "operationName": "Q"},
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #100802b4fe9c6e72 Filesystem access.
pkgs/python/[email protected]/scripts/notify_translations.py:319
    contents = settings.github_event_path.read_text("utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #6ca6b9be8c13bdd0 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/scripts/people.py:202
    response = httpx.post(
        github_graphql_url,
        headers=headers,
        timeout=settings.httpx_timeout,
        json={"query": query, "variables": variables, "operationName": "Q"},
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #f56b9e6269588c3b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/scripts/people.py:202
    response = httpx.post(
        github_graphql_url,
        headers=headers,
        timeout=settings.httpx_timeout,
        json={"query": query, "variables": variables, "operationName": "Q"},
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #dbc2feade9c7294e Filesystem access.
pkgs/python/[email protected]/scripts/people.py:384
    old_content = content_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #5b8dcd4e298c5e15 Filesystem access.
pkgs/python/[email protected]/scripts/people.py:390
    content_path.write_text(new_content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #60e646d46811a50b Filesystem access.
pkgs/python/[email protected]/scripts/prepare_release.py:146
    version_file_content = version_file.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #64942ba08e8f2b55 Filesystem access.
pkgs/python/[email protected]/scripts/prepare_release.py:147
    release_notes_content = release_notes_file.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #208ee2ce9a412125 Filesystem access.
pkgs/python/[email protected]/scripts/prepare_release.py:152
    version_file.write_text(
        update_version_file(version_file_content, version, version_file)
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #6562010802b84146 Filesystem access.
pkgs/python/[email protected]/scripts/prepare_release.py:155
    release_notes_file.write_text(
        update_release_notes(
            release_notes_content, version, parsed_release_date, release_notes_file
        )
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0bdc25ad71f8301f Filesystem access.
pkgs/python/[email protected]/scripts/prepare_release.py:178
    typer.echo(get_current_version(version_file.read_text(), version_file))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ac96dea656bd59ca Filesystem access.
pkgs/python/[email protected]/scripts/prepare_release.py:206
    version = get_current_version(version_file.read_text(), version_file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #39d2b2a0c9d32191 Filesystem access.
pkgs/python/[email protected]/scripts/prepare_release.py:209
            release_notes_file.read_text(), version, release_notes_file

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #ec7430bf974fc4c7 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/scripts/sponsors.py:100
    response = httpx.post(
        github_graphql_url,
        headers=headers,
        timeout=settings.httpx_timeout,
        json={"query": query, "variables": variables, "operationName": "Q"},
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #254bc5504a24bee9 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/scripts/sponsors.py:100
    response = httpx.post(
        github_graphql_url,
        headers=headers,
        timeout=settings.httpx_timeout,
        json={"query": query, "variables": variables, "operationName": "Q"},
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #e42091373fa00ddd Filesystem access.
pkgs/python/[email protected]/scripts/sponsors.py:148
    old_content = content_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ea05ce6a8aa62445 Filesystem access.
pkgs/python/[email protected]/scripts/sponsors.py:154
    content_path.write_text(new_content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #286b97d3bdc2c212 Filesystem access.
pkgs/python/[email protected]/scripts/topic_repos.py:52
    repos_old_content = repos_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #2c26344bd6ac0cb1 Filesystem access.
pkgs/python/[email protected]/scripts/topic_repos.py:57
    repos_path.write_text(new_repos_content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #6b9bd54656d9b8e1 Filesystem access.
pkgs/python/[email protected]/scripts/translate.py:31
general_prompt = general_prompt_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #3f054856026680f0 Filesystem access.
pkgs/python/[email protected]/scripts/translate.py:38
    return yaml.safe_load(Path("docs/language_names.yml").read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f58643482d07df6a Filesystem access.
pkgs/python/[email protected]/scripts/translate.py:121
    lang_prompt_content = lang_prompt_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #143676dbeb893713 Filesystem access.
pkgs/python/[email protected]/scripts/translate.py:129
    original_content = en_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d2d4201d8610b005 Filesystem access.
pkgs/python/[email protected]/scripts/translate.py:133
        old_translation = out_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #895e49226b617cf8 Filesystem access.
pkgs/python/[email protected]/scripts/translate.py:178
    out_path.write_text(out_content, encoding="utf-8", newline="\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e200903b3b2fd0dc Filesystem access.
pkgs/python/[email protected]/scripts/translation_fixer.py:81
        doc_lines = path.read_text(encoding="utf-8").splitlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #221421ee08ea6353 Filesystem access.
pkgs/python/[email protected]/scripts/translation_fixer.py:82
        en_doc_lines = en_doc_path.read_text(encoding="utf-8").splitlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #3efc325375d4395b Filesystem access.
pkgs/python/[email protected]/scripts/translation_fixer.py:94
        path.write_text("\n".join(doc_lines), encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

gitpython

python dependency
expand_more 55 low-confidence finding(s)
low env_fs dependency Excluded from app score #25d1d53f8a81bdbc Filesystem access.
pkgs/python/[email protected]/doc/source/conf.py:50
with open(os.path.join(os.path.dirname(__file__), "..", "..", "VERSION")) as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da5357b91d1b1c7c Environment-variable access.
pkgs/python/[email protected]/git/cmd.py:663
    GIT_PYTHON_TRACE = os.environ.get("GIT_PYTHON_TRACE", False)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7bae50de8a95ff10 Environment-variable access.
pkgs/python/[email protected]/git/cmd.py:779
            new_git = os.environ.get(cls._git_exec_env_var, cls.git_exec_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4294547fc3fc4f9a Environment-variable access.
pkgs/python/[email protected]/git/cmd.py:828
                mode = os.environ.get(cls._refresh_env_var, "raise").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #719d0b039748ab67 Environment-variable access.
pkgs/python/[email protected]/git/cmd.py:1256
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0fb7b9f82c0d26c2 Filesystem access.
pkgs/python/[email protected]/git/cmd.py:1278
        stdout_sink = PIPE if with_stdout else getattr(subprocess, "DEVNULL", None) or open(os.devnull, "wb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #528b653bb4a88c29 Environment-variable access.
pkgs/python/[email protected]/git/config.py:259
        config_home = os.environ.get("XDG_CONFIG_HOME") or osp.join(os.environ.get("HOME", "~"), ".config")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ad32ed6784a9f1b Filesystem access.
pkgs/python/[email protected]/git/config.py:650
                    with open(file_path, "rb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31f7a5f71a5e6e89 Filesystem access.
pkgs/python/[email protected]/git/config.py:768
            with open(fp, "wb") as fp_open:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e3cead70eba95c9 Filesystem access.
pkgs/python/[email protected]/git/index/base.py:705
                return open(filepath, "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b4c3507c3862633 Filesystem access.
pkgs/python/[email protected]/git/index/base.py:1180
        with open(self._commit_editmsg_filepath(), "wb") as commit_editmsg_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e97f79299d909e93 Filesystem access.
pkgs/python/[email protected]/git/index/base.py:1187
        with open(self._commit_editmsg_filepath(), "rb") as commit_editmsg_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87723a66056ed9a4 Environment-variable access.
pkgs/python/[email protected]/git/index/fun.py:89
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2392bb181d9331ac Environment-variable access.
pkgs/python/[email protected]/git/objects/commit.py:664
        env = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e16541153be59e3 Filesystem access.
pkgs/python/[email protected]/git/objects/submodule/base.py:428
        with open(git_file, "wb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4203214082016d00 Filesystem access.
pkgs/python/[email protected]/git/refs/log.py:267
        with open(filepath, "rb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b095f17cd746044a Filesystem access.
pkgs/python/[email protected]/git/refs/log.py:363
            fd = open(filepath, "ab")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81ce5ebc867e825a Filesystem access.
pkgs/python/[email protected]/git/refs/symbolic.py:152
            with open(cls._get_packed_refs_path(repo), "rt", encoding="UTF-8") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19e7e530184f00c7 Filesystem access.
pkgs/python/[email protected]/git/refs/symbolic.py:265
            with open(os.path.join(repodir, ref_path), "rt", encoding="UTF-8") as fp:  # type: ignore[arg-type]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e0be59328d969ac Filesystem access.
pkgs/python/[email protected]/git/refs/symbolic.py:668
                with open(pack_file_path, "rb") as reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4ffe04f69a333e4 Filesystem access.
pkgs/python/[email protected]/git/refs/symbolic.py:696
                    with open(pack_file_path, "wb") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ec6c8644240d4f3 Filesystem access.
pkgs/python/[email protected]/git/refs/symbolic.py:738
            with open(abs_ref_path, "rb") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d02e2ceaef188ab6 Filesystem access.
pkgs/python/[email protected]/git/refs/symbolic.py:822
                with open(new_abs_path, "rb") as fd1:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e98086f23eeea5d5 Filesystem access.
pkgs/python/[email protected]/git/refs/symbolic.py:824
                with open(cur_abs_path, "rb") as fd2:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c07ed34133349de3 Filesystem access.
pkgs/python/[email protected]/git/remote.py:915
        with open(fetch_head.abspath, "rb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30d773e0d2e7bfdc Environment-variable access.
repo/base.py:216
        epath = path or os.getenv("GIT_DIR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2914b5285e8ca639 Environment-variable access.
repo/base.py:252
                if "GIT_WORK_TREE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c6ad20baeeec7e1 Environment-variable access.
repo/base.py:253
                    self._working_tree_dir = os.getenv("GIT_WORK_TREE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb067087b3bf75cd Filesystem access.
repo/base.py:257
                    with open(osp.join(git_dir, "gitdir")) as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9489774d71a6e618 Environment-variable access.
repo/base.py:280
                if os.environ.get("GIT_COMMON_DIR") is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0aed7a64d932391d Environment-variable access.
repo/base.py:284
                if "GIT_WORK_TREE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ccf424980a2d7ca2 Environment-variable access.
repo/base.py:285
                    self._working_tree_dir = os.getenv("GIT_WORK_TREE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af997305a6fe5d61 Filesystem access.
repo/base.py:321
            common_dir = (Path(self.git_dir) / "commondir").read_text().splitlines()[0].strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b86f58374d2874d3 Filesystem access.
repo/base.py:382
        with open(filename, "rb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dea564a2f216b8fa Filesystem access.
repo/base.py:388
        with open(filename, "wb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38d52c7f41fe547f Environment-variable access.
repo/base.py:663
            config_home = os.environ.get("XDG_CONFIG_HOME") or osp.join(os.environ.get("HOME", "~"), ".config")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cdd2d4ea153c0726 Filesystem access.
repo/base.py:922
            with open(alternates_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64a0ee4d38739937 Filesystem access.
repo/base.py:945
            with open(alternates_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e3337b21be913b7 Filesystem access.
repo/base.py:1661
        with open(rebase_head_file, "rt") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb62877f6519a77d Filesystem access.
repo/fun.py:55
    with open(filename, "ab"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37702c013f3d1a38 Environment-variable access.
repo/fun.py:69
        if (osp.isdir(osp.join(d, "objects")) or "GIT_OBJECT_DIRECTORY" in os.environ) and osp.isdir(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30abb157be7767e4 Filesystem access.
repo/fun.py:93
        lines = Path(dotgit).read_text().splitlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c70594f6b1bfe5f4 Filesystem access.
repo/fun.py:108
        with open(d) as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b6b751a7ba9adbd Environment-variable access.
pkgs/python/[email protected]/git/util.py:122
        value = os.environ[name]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aac095f8619b3b86 Environment-variable access.
pkgs/python/[email protected]/git/util.py:201
    old_value = os.getenv(name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6db92da32d03557 Environment-variable access.
pkgs/python/[email protected]/git/util.py:202
    os.environ[name] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7740fae976a949b2 Environment-variable access.
pkgs/python/[email protected]/git/util.py:207
            del os.environ[name]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #387096b8c1799755 Environment-variable access.
pkgs/python/[email protected]/git/util.py:209
            os.environ[name] = old_value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78be2c03b3d7290c Environment-variable access.
pkgs/python/[email protected]/git/util.py:338
    PATHEXT = os.environ.get("PATHEXT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b14aa2b85b8530a Environment-variable access.
pkgs/python/[email protected]/git/util.py:374
        path = os.environ["PATH"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35d2a21b7b6b999d Environment-variable access.
pkgs/python/[email protected]/git/util.py:865
                val = os.environ[evar]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #034d29f87a89c794 Filesystem access.
pkgs/python/[email protected]/git/util.py:1051
            with open(lock_file, mode="w"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02b409397770a097 Filesystem access.
pkgs/python/[email protected]/setup.py:14
    return (Path(__file__).parent / path).read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f61cb8ce4151968b Filesystem access.
pkgs/python/[email protected]/setup.py:49
        with open(filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c703ef8412ef0bd Filesystem access.
pkgs/python/[email protected]/setup.py:59
        with open(filename, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

google-api-python-client

python dependency
expand_more 14 low-confidence finding(s)
low env_fs dependency Excluded from app score #9ebed6758fa00019 Environment-variable access.
pkgs/python/[email protected]/googleapiclient/discovery.py:430
    if "REMOTE_ADDR" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #27f28109872c1023 Environment-variable access.
pkgs/python/[email protected]/googleapiclient/discovery.py:431
        actual_url = _add_query_parameter(url, "userIp", os.environ["REMOTE_ADDR"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b1450c3971e902f Environment-variable access.
pkgs/python/[email protected]/googleapiclient/discovery.py:573
        universe_domain_env = os.getenv(GOOGLE_CLOUD_UNIVERSE_DOMAIN, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8677d5525b939eaf Environment-variable access.
pkgs/python/[email protected]/googleapiclient/discovery.py:656
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d3d9b5d3f552ebe Environment-variable access.
pkgs/python/[email protected]/googleapiclient/discovery.py:703
            use_mtls_endpoint = os.getenv(GOOGLE_API_USE_MTLS_ENDPOINT, "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #011fb27626fbcca9 Environment-variable access.
pkgs/python/[email protected]/googleapiclient/discovery_cache/__init__.py:37
    if "GAE_ENV" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ce6c6d6dcec75e2 Filesystem access.
pkgs/python/[email protected]/googleapiclient/discovery_cache/__init__.py:72
        with open(os.path.join(DISCOVERY_DOC_DIR, doc_name), "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #981356fb479240bf Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/googleapiclient/http.py:191
            resp, content = http.request(uri, method, *args, **kwargs)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #d7ca4b73c013958d Filesystem access.
pkgs/python/[email protected]/googleapiclient/http.py:594
        self._fd = open(self._filename, "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #0e13d62d5694de9d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/googleapiclient/http.py:1028
            resp, content = http.request(self.resumable_uri, "PUT", headers=headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #7841eaf055dd1549 Filesystem access.
pkgs/python/[email protected]/googleapiclient/http.py:1735
            with open(filename, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4903f2b59064fa2 Filesystem access.
pkgs/python/[email protected]/googleapiclient/sample_tools.py:104
        with open(discovery_filename) as discovery_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37cafc39e0ea3118 Filesystem access.
pkgs/python/[email protected]/setup.py:52
with io.open(readme_filename, encoding="utf-8") as readme_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9fb3da0cc366e25d Filesystem access.
pkgs/python/[email protected]/setup.py:58
with open(os.path.join(package_root, "googleapiclient/version.py")) as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

google-auth-httplib2

python dependency
expand_more 2 low-confidence finding(s)
low egress dependency Excluded from app score #7a9dfd2a1f83738e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google_auth_httplib2.py:216
        response, content = self.http.request(
            uri,
            method,
            body=body,
            headers=request_headers,
            redirections=redirections,
            connection_type=connection_type,
            **kwargs
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #17d1ca0a85e18c9c Filesystem access.
pkgs/python/[email protected]/setup.py:26
with io.open("README.rst", "r") as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

google-auth-oauthlib

python dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #e359f07ee39142d0 Filesystem access.
pkgs/python/[email protected]/google_auth_oauthlib/flow.py:198
        with open(client_secrets_file, "r") as json_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4051aa5e17cb084f Filesystem access.
pkgs/python/[email protected]/google_auth_oauthlib/helpers.py:94
    with open(client_secrets_file, "r") as json_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59af82c5a9477a16 Filesystem access.
pkgs/python/[email protected]/google_auth_oauthlib/tool/__main__.py:113
        with open(credentials, "w") as outfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1965f7ec857de42e Filesystem access.
pkgs/python/[email protected]/setup.py:31
with io.open("README.rst", "r") as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

google-cloud-recaptcha-enterprise

python dependency
expand_more 6 low-confidence finding(s)
low env_fs dependency Excluded from app score #e435f6711aa8195d Environment-variable access.
pkgs/python/[email protected]/google/cloud/recaptchaenterprise_v1/services/recaptcha_enterprise_service/client.py:175
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24bc9fcebc0e2f88 Environment-variable access.
pkgs/python/[email protected]/google/cloud/recaptchaenterprise_v1/services/recaptcha_enterprise_service/client.py:466
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e3ae9b55d1f07f9 Environment-variable access.
pkgs/python/[email protected]/google/cloud/recaptchaenterprise_v1/services/recaptcha_enterprise_service/client.py:507
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f5af1c5ce5b3960 Environment-variable access.
pkgs/python/[email protected]/google/cloud/recaptchaenterprise_v1/services/recaptcha_enterprise_service/client.py:508
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #991165e2895b1461 Filesystem access.
pkgs/python/[email protected]/setup.py:31
with open(
    os.path.join(package_root, "google/cloud/recaptchaenterprise/gapic_version.py")
) as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #efff29e524381907 Filesystem access.
pkgs/python/[email protected]/setup.py:60
with io.open(readme_filename, encoding="utf-8") as readme_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

google-genai

python dependency
expand_more 86 low-confidence finding(s)
low env_fs dependency Excluded from app score #c2ad6f2c77ac257d Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:110
  env_google_api_key = os.environ.get('GOOGLE_API_KEY', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b668381abfb4b31 Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:111
  env_gemini_api_key = os.environ.get('GEMINI_API_KEY', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #727078da24bb000b Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:616
      env_enterprise_str = os.environ.get('GOOGLE_GENAI_USE_ENTERPRISE', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ccc9f65e89e8860b Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:617
      env_vertexai_str = os.environ.get('GOOGLE_GENAI_USE_VERTEXAI', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3feb85f9320926e7 Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:677
    env_project = os.environ.get('GOOGLE_CLOUD_PROJECT', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5855656143f8e6d Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:678
    env_location = os.environ.get('GOOGLE_CLOUD_LOCATION', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0992825522af950f Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:1046
          cafile=os.environ.get('SSL_CERT_FILE', certifi.where()),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c85298216072dc5 Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:1047
          capath=os.environ.get('SSL_CERT_DIR'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a910c6506805514 Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:1100
          cafile=os.environ.get('SSL_CERT_FILE', certifi.where()),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a319db78a87daad9 Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:1101
          capath=os.environ.get('SSL_CERT_DIR'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fde82b7f807fe237 Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:1158
          cafile=os.environ.get('SSL_CERT_FILE', certifi.where()),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #307dbe409d95cf78 Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:1159
          capath=os.environ.get('SSL_CERT_DIR'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72d6b0c47293c332 Filesystem access.
pkgs/python/[email protected]/google/genai/_api_client.py:1764
      with open(file_path, 'rb') as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1012fb64cd532ab Environment-variable access.
pkgs/python/[email protected]/google/genai/_base_url.py:48
    return _default_base_vertex_url or os.getenv('GOOGLE_VERTEX_BASE_URL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34d4067a528985fa Environment-variable access.
pkgs/python/[email protected]/google/genai/_base_url.py:50
    return _default_base_gemini_url or os.getenv('GOOGLE_GEMINI_BASE_URL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d269d529d60b4f47 Filesystem access.
pkgs/python/[email protected]/google/genai/_gaos/types/base64fileinput.py:39
            with open(value, "rb") as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #257055fd097349a9 Environment-variable access.
pkgs/python/[email protected]/google/genai/_gaos/utils/logger.py:40
    if os.getenv("GOOGLE_GENAI_DEBUG"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #339d2c4540f96039 Environment-variable access.
pkgs/python/[email protected]/google/genai/_gaos/utils/security.py:95
    if os.getenv("GOOGLE_GENAI_API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d5314cd0ae8789f9 Environment-variable access.
pkgs/python/[email protected]/google/genai/_gaos/utils/security.py:96
        security_dict["api_key"] = os.getenv("GOOGLE_GENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e10828fdf98e56d Environment-variable access.
pkgs/python/[email protected]/google/genai/_gaos/utils/security.py:98
    if os.getenv("GOOGLE_GENAI_ACCESS_TOKEN"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79ac8ad85584ed61 Environment-variable access.
pkgs/python/[email protected]/google/genai/_gaos/utils/security.py:99
        security_dict["access_token"] = os.getenv("GOOGLE_GENAI_ACCESS_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5bcc23947494d8c6 Environment-variable access.
pkgs/python/[email protected]/google/genai/_gaos/utils/security.py:101
    if os.getenv("GOOGLE_GENAI_DEFAULT_HEADERS"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39776ae5eba8d136 Environment-variable access.
pkgs/python/[email protected]/google/genai/_gaos/utils/security.py:102
        security_dict["default_headers"] = os.getenv("GOOGLE_GENAI_DEFAULT_HEADERS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b02a13d0510d3fd8 Environment-variable access.
pkgs/python/[email protected]/google/genai/_gaos/utils/values.py:79
    env_value = os.getenv(env_key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af453759a5347a54 Filesystem access.
pkgs/python/[email protected]/google/genai/_local_tokenizer_loader.py:111
  with open(file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff0575d74ea4adda Filesystem access.
pkgs/python/[email protected]/google/genai/_local_tokenizer_loader.py:128
    with open(tmp_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1785143cc7e5c523 Environment-variable access.
pkgs/python/[email protected]/google/genai/_replay_api_client.py:223
      os.environ.get('PYTEST_CURRENT_TEST'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f11ffc674df0ee8 Environment-variable access.
pkgs/python/[email protected]/google/genai/_replay_api_client.py:315
      self.replays_directory = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0122fe4a96500108 Environment-variable access.
pkgs/python/[email protected]/google/genai/_replay_api_client.py:315
      self.replays_directory = os.environ.get(
          'GOOGLE_GENAI_REPLAYS_DIRECTORY', None
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1995487a6daa9f7e Filesystem access.
pkgs/python/[email protected]/google/genai/_replay_api_client.py:359
      with open(replay_file_path, 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e897341504b382c Filesystem access.
pkgs/python/[email protected]/google/genai/_replay_api_client.py:386
    with open(replay_file_path, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #c22bf716788f7f2b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/batches.py:1827
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #2eaeb9e7fef2a96f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/batches.py:1906
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #7b9119c68eb98b71 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/batches.py:2001
    response = self._api_client.request('get', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #ad028a5f21353fc0 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/batches.py:2097
    self._api_client.request('post', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #bda9580604b480bc Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/batches.py:2138
    response = self._api_client.request('get', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #36148fa091c9adab Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/batches.py:2236
    response = self._api_client.request(
        'delete', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #2218597b9381be0c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/caches.py:1227
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #8d81bce470baf504 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/caches.py:1309
    response = self._api_client.request('get', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #b5a967d911f1ce77 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/caches.py:1391
    response = self._api_client.request(
        'delete', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #eb1ab3baa0232c2b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/caches.py:1486
    response = self._api_client.request(
        'patch', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #db041a788efbc122 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/caches.py:1553
    response = self._api_client.request('get', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #3ea094a45aed6121 Environment-variable access.
pkgs/python/[email protected]/google/genai/client.py:215
      default_factory=lambda: os.getenv('GOOGLE_GENAI_CLIENT_MODE', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #409d98e4a7e32d2e Environment-variable access.
pkgs/python/[email protected]/google/genai/client.py:219
      default_factory=lambda: os.getenv('GOOGLE_GENAI_REPLAYS_DIRECTORY', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e681c8c24161a1d2 Environment-variable access.
pkgs/python/[email protected]/google/genai/client.py:223
      default_factory=lambda: os.getenv('GOOGLE_GENAI_REPLAY_ID', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #f57b75927bed4028 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/documents.py:180
    response = self._api_client.request('get', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #ee8e9f89788cadd5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/documents.py:258
    self._api_client.request('delete', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #21db1c0aa96e7ed1 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/documents.py:301
    response = self._api_client.request('get', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #a40d6199575fc849 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/file_search_stores.py:380
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #5f636094bbb26c18 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/file_search_stores.py:461
    response = self._api_client.request('get', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #c705ebb3e01b6161 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/file_search_stores.py:540
    self._api_client.request('delete', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #77cf9ad1c10e8c50 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/file_search_stores.py:579
    response = self._api_client.request('get', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #e7d06523757d5362 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/file_search_stores.py:654
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #8b5b6a7cffcb238d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/file_search_stores.py:758
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #cc1e91678bcab754 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/files.py:221
    response = self._api_client.request('get', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #3c60df722c1d9104 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/files.py:293
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #53fb134e28b71584 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/files.py:386
    response = self._api_client.request('get', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f749e65add24c090 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/files.py:466
    response = self._api_client.request(
        'delete', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #af213f0f869e2183 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/files.py:540
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #cf9c354dfb9e042f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/models.py:4986
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #4662f3b2931daaca Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/models.py:5215
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #016f5610725dcd66 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/models.py:5306
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #e9a786fb19a26464 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/models.py:5395
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f2876e4cdfcf26e6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/models.py:5479
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #5ec2309be4a011ad Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/models.py:5591
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #1d1674437a0c5242 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/models.py:5694
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #2e29b94d56abcfe6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/models.py:5771
    response = self._api_client.request('get', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #5b56bc786adfeff7 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/models.py:5851
    response = self._api_client.request('get', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #815573a5ae51bec4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/models.py:5936
    response = self._api_client.request(
        'patch', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #04be0f808e327f64 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/models.py:6017
    response = self._api_client.request(
        'delete', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #c58a69fbd378e7bc Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/models.py:6127
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #4e02e9d8f3fbe9dd Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/models.py:6235
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #a47d606183bf89ef Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/models.py:6327
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #b8722318b1dc14ae Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/operations.py:138
    response = self._api_client.request('get', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #50b1e2b290f8f7b3 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/operations.py:189
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #464f8dba97ea5fc4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/operations.py:238
    response = self._api_client.request('get', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #c1e22eee5b1d0330 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/tokens.py:257
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #c7382c54bbf09577 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/tunings.py:2490
    response = self._api_client.request('get', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #41a6602739f3793d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/tunings.py:2567
    response = self._api_client.request('get', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #7911c88a04cd8b52 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/tunings.py:2653
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #ad198c5eccca7e6d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/tunings.py:2751
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #c640deb6a6545498 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/tunings.py:2844
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #084f86466204f409 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/tunings.py:2961
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #3850159123294fdb Filesystem access.
pkgs/python/[email protected]/google/genai/types.py:9089
    image_bytes = pathlib.Path(location).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d1ce0de3fb109c4 Filesystem access.
pkgs/python/[email protected]/google/genai/types.py:11474
    video_bytes = pathlib.Path(location).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a271aa83cc40830b Filesystem access.
pkgs/python/[email protected]/google/genai/types.py:22544
    with open(file_path, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

html2text

python dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #5bac6b24a4c60ca2 Filesystem access.
pkgs/python/[email protected]/html2text/cli.py:285
        with open(args.filename, "rb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

httpx

python dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #b49325f0f945a569 Environment-variable access.
pkgs/python/[email protected]/httpx/_config.py:34
        if trust_env and os.environ.get("SSL_CERT_FILE"):  # pragma: nocover

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #00c74d3bc0fee463 Environment-variable access.
pkgs/python/[email protected]/httpx/_config.py:35
            ctx = ssl.create_default_context(cafile=os.environ["SSL_CERT_FILE"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a15306e3b0118861 Environment-variable access.
pkgs/python/[email protected]/httpx/_config.py:36
        elif trust_env and os.environ.get("SSL_CERT_DIR"):  # pragma: nocover

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab0f4edae8759e24 Environment-variable access.
pkgs/python/[email protected]/httpx/_config.py:37
            ctx = ssl.create_default_context(capath=os.environ["SSL_CERT_DIR"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

httpx-aiohttp

python dependency
expand_more 16 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #db08b408faa0d9b8 Environment-variable access.
pkgs/python/[email protected]/benchmarks/client/blacksheep/script.py:14
SERVER_URL = os.getenv("SERVER_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b04fbae19c406518 Environment-variable access.
pkgs/python/[email protected]/benchmarks/client/blacksheep/script.py:15
REQUESTS_COUNT = int(os.getenv("REQUESTS_COUNT"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4d04e5523181185d Filesystem access.
pkgs/python/[email protected]/benchmarks/client/blacksheep/script.py:30
    with open(
        "report.json",
        "w",
    ) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #570a744edbeb0aa3 Environment-variable access.
pkgs/python/[email protected]/benchmarks/client/httpx-aiohttp/script.py:19
SERVER_URL = os.getenv("SERVER_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f917d5cc900a4a43 Environment-variable access.
pkgs/python/[email protected]/benchmarks/client/httpx-aiohttp/script.py:20
REQUESTS_COUNT = int(os.getenv("REQUESTS_COUNT"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #5953b7f2a5edc154 Filesystem access.
pkgs/python/[email protected]/benchmarks/client/httpx-aiohttp/script.py:36
    with open(
        "report.json",
        "w",
    ) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #2e0fb5881da63b64 Environment-variable access.
pkgs/python/[email protected]/benchmarks/client/httpx/script.py:14
SERVER_URL = os.getenv("SERVER_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #93bcda9ffaf2d99f Environment-variable access.
pkgs/python/[email protected]/benchmarks/client/httpx/script.py:15
REQUESTS_COUNT = int(os.getenv("REQUESTS_COUNT"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #53b510382677a13b Filesystem access.
pkgs/python/[email protected]/benchmarks/client/httpx/script.py:33
    with open(
        "report.json",
        "w",
    ) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ad8c37a98ab213f7 Filesystem access.
pkgs/python/[email protected]/benchmarks/reporter.py:28
    with open(report_file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9da1d130f51d114d Environment-variable access.
pkgs/python/[email protected]/benchmarks/reporter.py:42
    report_str.append(f"**PR Number**: {os.getenv('PR_NUMBER')}")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f533b3be5ece9cf1 Environment-variable access.
pkgs/python/[email protected]/benchmarks/reporter.py:63
    repo_owner = os.getenv("GITHUB_REPOSITORY_OWNER")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0d50042c6193e3b5 Environment-variable access.
pkgs/python/[email protected]/benchmarks/reporter.py:64
    repo_name = os.getenv("GITHUB_REPOSITORY").split("/")[1]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #1178f3e99c7ffea7 Environment-variable access.
pkgs/python/[email protected]/benchmarks/reporter.py:65
    pr_number = os.getenv("PR_NUMBER")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #2ebd9f46e8225a18 Environment-variable access.
pkgs/python/[email protected]/benchmarks/reporter.py:66
    token = os.getenv("GITHUB_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #9d94ada5904b076f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/benchmarks/reporter.py:81
        response = client.post(url, json=payload, headers=headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

ipywidgets

python dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #eea9acb306bb918f Filesystem access.
pkgs/python/[email protected]/ipywidgets/embed.py:318
        with open(fp, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d604d454489e1e7f Environment-variable access.
pkgs/python/[email protected]/ipywidgets/widgets/widget.py:36
    if name in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6daa56b01d1d839b Environment-variable access.
pkgs/python/[email protected]/ipywidgets/widgets/widget.py:37
        return os.environ[name].lower() not in ['no', 'n', 'false', 'off', '0', '0.0']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96ea87848a95e0b1 Filesystem access.
pkgs/python/[email protected]/ipywidgets/widgets/widget_media.py:94
            with open(filename, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

jinja2

python dependency
expand_more 6 low-confidence finding(s)
low env_fs dependency Excluded from app score #a66f9d2531e87660 Filesystem access.
pkgs/python/[email protected]/src/jinja2/bccache.py:270
            f = open(filename, "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39b558d012e0d0ed Filesystem access.
pkgs/python/[email protected]/src/jinja2/environment.py:860
                with open(os.path.join(target, filename), "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02b74e54de0dee58 Filesystem access.
pkgs/python/[email protected]/src/jinja2/environment.py:1611
            real_fp: t.IO[bytes] = open(fp, "wb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd953c45647c062d Filesystem access.
pkgs/python/[email protected]/src/jinja2/loaders.py:214
        with open(filename, encoding=self.encoding) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0754bafe294b9b9d Filesystem access.
pkgs/python/[email protected]/src/jinja2/loaders.py:382
            with open(p, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20a60fe8643ef930 Filesystem access.
pkgs/python/[email protected]/src/jinja2/utils.py:171
    return open(filename, mode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

joblib

python dependency
expand_more 30 low-confidence finding(s)
low env_fs dependency Excluded from app score #e55a977147207293 Environment-variable access.
pkgs/python/[email protected]/conftest.py:73
    DEFAULT_BACKEND = os.environ.get("JOBLIB_TESTS_DEFAULT_PARALLEL_BACKEND", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca146bd12de78629 Environment-variable access.
pkgs/python/[email protected]/conftest.py:110
        os.environ.get(k) is None for k in ParallelBackendBase.MAX_NUM_THREADS_VARS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb4230e14ef9b718 Environment-variable access.
pkgs/python/[email protected]/joblib/__init__.py:163
os.environ.setdefault("KMP_INIT_AT_FORK", "FALSE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eacc993e9b432fc1 Environment-variable access.
pkgs/python/[email protected]/joblib/_memmapping_reducer.py:209
        temp_folder = os.environ.get("JOBLIB_TEMP_FOLDER", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ddc98df2560d351e Environment-variable access.
pkgs/python/[email protected]/joblib/_multiprocessing_helpers.py:13
mp = int(os.environ.get("JOBLIB_MULTIPROCESSING", 1)) or None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5bdaee0d7f18097a Environment-variable access.
pkgs/python/[email protected]/joblib/_parallel_backends.py:238
                var_value = os.environ.get(var, default_n_threads)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f87da5543f341d0 Environment-variable access.
pkgs/python/[email protected]/joblib/_parallel_backends.py:244
        if self.TBB_ENABLE_IPC_VAR not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d118b74271c18c35 Filesystem access.
pkgs/python/[email protected]/joblib/_store_backends.py:480
                with open(gitignore, "w") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ceeaa2117dd07f8 Filesystem access.
pkgs/python/[email protected]/joblib/compressor.py:289
            self._fp = io.open(filename, mode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61545bc799a762d7 Filesystem access.
pkgs/python/[email protected]/joblib/externals/loky/backend/context.py:151
        with open(cpu_max_fname) as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9328edd0c24d1a8f Filesystem access.
pkgs/python/[email protected]/joblib/externals/loky/backend/context.py:156
        with open(cfs_quota_fname) as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68dfc14e89235648 Filesystem access.
pkgs/python/[email protected]/joblib/externals/loky/backend/context.py:158
        with open(cfs_period_fname) as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ef6deedd658beec Environment-variable access.
pkgs/python/[email protected]/joblib/externals/loky/backend/context.py:199
            and os.environ.get("LOKY_MAX_CPU_COUNT") is None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a20df40d47eafc0d Environment-variable access.
pkgs/python/[email protected]/joblib/externals/loky/backend/context.py:222
    cpu_count_loky = int(os.environ.get("LOKY_MAX_CPU_COUNT", os_cpu_count))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3513e44625d6ff3d Environment-variable access.
pkgs/python/[email protected]/joblib/externals/loky/backend/fork_exec.py:21
    env = {**os.environ, **env}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #525785e2a4b372f8 Environment-variable access.
pkgs/python/[email protected]/joblib/externals/loky/backend/popen_loky_win32.py:73
        child_env = {**os.environ, **process_obj.env}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65b287fb6c07cb91 Filesystem access.
pkgs/python/[email protected]/joblib/externals/loky/backend/popen_loky_win32.py:83
        with open(wfd, "wb") as to_child:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b12d6938d1ac83c4 Environment-variable access.
pkgs/python/[email protected]/joblib/externals/loky/backend/reduction.py:89
ENV_LOKY_PICKLER = os.environ.get("LOKY_PICKLER", DEFAULT_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1452fa87662c9ba Filesystem access.
pkgs/python/[email protected]/joblib/externals/loky/backend/resource_tracker.py:284
        with open(fd, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bdd09fce591797b8 Environment-variable access.
pkgs/python/[email protected]/joblib/externals/loky/process_executor.py:93
MAX_DEPTH = int(os.environ.get("LOKY_MAX_DEPTH", 10))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02bf455394459af1 Environment-variable access.
pkgs/python/[email protected]/joblib/externals/loky/process_executor.py:382
    if "PYTHONFAULTHANDLER" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d6f473c122ff51d Environment-variable access.
pkgs/python/[email protected]/joblib/externals/loky/process_executor.py:388
            f"PYTHONFAULTHANDLER={os.environ['PYTHONFAULTHANDLER']}."

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65e61701f801a5dd Filesystem access.
pkgs/python/[email protected]/joblib/logger.py:125
                with open(logfile, "w") as logfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cba6971f0fd09a80 Filesystem access.
pkgs/python/[email protected]/joblib/logger.py:150
                with open(self.logfile, "a") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #612b801785230fca Filesystem access.
pkgs/python/[email protected]/joblib/numpy_pickle.py:599
        with open(filename, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9807ceed01357fa8 Filesystem access.
pkgs/python/[email protected]/joblib/numpy_pickle.py:650
    with open(filename, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d5111c23603c7769 Filesystem access.
pkgs/python/[email protected]/joblib/numpy_pickle.py:735
        with open(filename, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6310b47c539bc333 Filesystem access.
pkgs/python/[email protected]/joblib/numpy_pickle_compat.py:156
        with open(filename, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0fbf92b49e1b20a1 Filesystem access.
pkgs/python/[email protected]/joblib/numpy_pickle_compat.py:230
    with open(filename, "rb") as file_handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2cd7d897e65567f2 Environment-variable access.
pkgs/python/[email protected]/joblib/parallel.py:581
    method = os.environ.get("JOBLIB_START_METHOD", "").strip() or None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

jupyter-kernel-gateway

python dependency
expand_more 33 low-confidence finding(s)
low env_fs dependency Excluded from app score #912686327b2416d7 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:92
        return int(os.getenv(self.port_env, self.port_default_value))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ebfba4ab9a9ee24 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:104
        return int(os.getenv(self.port_retries_env, self.port_retries_default_value))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #554e9ac762a3cebd Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:114
        return os.getenv(self.ip_env, self.ip_default_value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef5813e872108a4d Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:127
        return os.getenv(self.base_url_env, self.base_url_default_value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #155fa123345ab956 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:137
        return os.getenv(self.auth_token_env, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65caf1c188486781 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:148
        return os.getenv(self.allow_credentials_env, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56a70f1ff1a0a1c0 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:157
        return os.getenv(self.allow_headers_env, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #784bd000b472cf71 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:166
        return os.getenv(self.allow_methods_env, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17a3fcd3cd91941b Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:175
        return os.getenv(self.allow_origin_env, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51a736f0bf435e1e Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:185
        return os.getenv(self.expose_headers_env, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03874d4458eaeb42 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:196
        return os.getenv(self.trust_xheaders_env, "False").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0dcdd8e701f95e2 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:205
        return os.getenv(self.max_age_env, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #917d50947f2ed1f2 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:217
        val = os.getenv(self.max_kernels_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44bf8ea072958c92 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:230
        return os.getenv(self.seed_uri_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a0fb6a596dd9e4e5 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:242
        val = os.getenv(self.prespawn_count_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf3c1a7b8e08c71a Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:254
        return os.getenv(self.default_kernel_name_env, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7dad691c96ef2f80 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:264
        return os.getenv(self.force_kernel_name_env, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2c9e2b34e0d0999 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:274
        return os.getenv(self.env_process_whitelist_env, "").split(",")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11e7fbc67329a66d Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:290
        return os.getenv(self.api_env, self.api_default_value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #99d2e7620d019e52 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:310
        return os.getenv(self.certfile_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c88d1496b10ba9ef Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:322
        return os.getenv(self.keyfile_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4f12d413460c381 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:334
        return os.getenv(self.client_ca_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a8f996f84d67040 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:347
        ssl_from_env = os.getenv(self.ssl_version_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5764f35b487e7b4 Filesystem access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:373
            with open(self.cookie_secret_file, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a104770449bbcf82 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:407
        return int(os.getenv(self.ws_ping_interval_env, self.ws_ping_interval_default_value))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0317b15311ffe560 Filesystem access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:495
            with open(path) as nb_fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce6b9451c8a182ed Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/jupyter_websocket/__init__.py:34
        return os.getenv(self.list_kernels_env, "False") == "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9971b9ada8d0074 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/jupyter_websocket/__init__.py:45
        return os.getenv(self.env_whitelist_env, "").split(",")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #041a60a6f46bfdf2 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/notebook_http/__init__.py:37
        return os.getenv(self.cell_parser_env, "kernel_gateway.notebook_http.cell.parser")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e888ef9aa234b2c Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/notebook_http/__init__.py:52
        return os.getenv(self.allow_notebook_download_env, "False") == "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d247b45a3d74a42c Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/notebook_http/__init__.py:64
        return os.getenv(self.static_path_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #699de25eb4fd4dcf Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/services/kernels/handlers.py:57
            env = {"PATH": os.getenv("PATH", "")}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7b320bb2278edc8 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/services/kernels/handlers.py:62
                    for key, value in os.environ.items()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

kubernetes

python dependency
expand_more 68 low-confidence finding(s)
low env_fs dependency Excluded from app score #33b89f64f39b0f65 Filesystem access.
pkgs/python/[email protected]/kubernetes/aio/client/api_client.py:501
                    with open(n, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3cca5300141a010 Filesystem access.
pkgs/python/[email protected]/kubernetes/aio/client/api_client.py:612
        with open(path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #00c086cd03d6ecc0 Environment-variable access.
pkgs/python/[email protected]/kubernetes/aio/config/exec_provider.py:44
        self.env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eaa20439ffe85c9f Environment-variable access.
pkgs/python/[email protected]/kubernetes/aio/config/incluster_config.py:42
                 environ=os.environ):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f3ccea1f6b7b5fe Filesystem access.
pkgs/python/[email protected]/kubernetes/aio/config/incluster_config.py:81
        with open(self._cert_filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66d38c759c0fe8a2 Filesystem access.
pkgs/python/[email protected]/kubernetes/aio/config/incluster_config.py:103
        with open(self._token_filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e11992d90f32d762 Environment-variable access.
pkgs/python/[email protected]/kubernetes/aio/config/kube_config.py:38
KUBE_CONFIG_DEFAULT_LOCATION = os.environ.get('KUBECONFIG', (pathlib.Path.home() / '.kube/config').as_posix())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d21266e8257ae7e0 Filesystem access.
pkgs/python/[email protected]/kubernetes/aio/config/kube_config.py:97
        with open(name, 'wb') as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e565744b3c6298f Filesystem access.
pkgs/python/[email protected]/kubernetes/aio/config/kube_config.py:124
            with open(self._file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #181abc151fd76b93 Filesystem access.
pkgs/python/[email protected]/kubernetes/aio/config/kube_config.py:525
        with open(path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #15c026268033d355 Filesystem access.
pkgs/python/[email protected]/kubernetes/aio/config/kube_config.py:558
        with open(path, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #1b43f2927f3741f5 Filesystem access.
pkgs/python/[email protected]/kubernetes/aio/config/kube_config_test.py:126
        with open(filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #af3511bdd77cf5dd Filesystem access.
pkgs/python/[email protected]/kubernetes/aio/config/kube_config_test.py:304
                        with open(v) as f1, open(other.__dict__[k]) as f2:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #85ef3bc1ec3c008b Filesystem access.
pkgs/python/[email protected]/kubernetes/aio/config/kube_config_test.py:326
                    with open(v) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #8ac80297ee9ed321 Filesystem access.
pkgs/python/[email protected]/kubernetes/aio/config/kube_config_test.py:962
            with open(os.path.join(temp_dir, "cert_test"), "wb") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #55411fa35f0b2404 Filesystem access.
pkgs/python/[email protected]/kubernetes/aio/config/kube_config_test.py:964
            with open(os.path.join(temp_dir, "client_cert"), "wb") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c85ce1aeb6803008 Filesystem access.
pkgs/python/[email protected]/kubernetes/aio/config/kube_config_test.py:966
            with open(os.path.join(temp_dir, "client_key"), "wb") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #1f278605ce58659e Filesystem access.
pkgs/python/[email protected]/kubernetes/aio/config/kube_config_test.py:968
            with open(os.path.join(temp_dir, "token_file"), "wb") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #459bebbd164b3a91 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/kubernetes/aio/config/openid.py:59
        async with client.post(*args, **kwargs) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #f4992674c6647d71 Filesystem access.
pkgs/python/[email protected]/kubernetes/client/api_client.py:498
                    with open(n, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e4dc6cd76e941f0 Filesystem access.
pkgs/python/[email protected]/kubernetes/client/api_client.py:606
        with open(path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb00b7178c893242 Environment-variable access.
pkgs/python/[email protected]/kubernetes/client/configuration.py:212
        if os.getenv("HTTPS_PROXY"): self.proxy = os.getenv("HTTPS_PROXY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d192210fb2bae0b Environment-variable access.
pkgs/python/[email protected]/kubernetes/client/configuration.py:213
        if os.getenv("https_proxy"): self.proxy = os.getenv("https_proxy")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22c521bff4b921b1 Environment-variable access.
pkgs/python/[email protected]/kubernetes/client/configuration.py:214
        if os.getenv("HTTP_PROXY"): self.proxy = os.getenv("HTTP_PROXY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa5550b1feeee962 Environment-variable access.
pkgs/python/[email protected]/kubernetes/client/configuration.py:215
        if os.getenv("http_proxy"): self.proxy = os.getenv("http_proxy")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16ba22bbdfc44847 Environment-variable access.
pkgs/python/[email protected]/kubernetes/client/configuration.py:217
        if os.getenv("NO_PROXY"): self.no_proxy = os.getenv("NO_PROXY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28c8e70e8dbf4e30 Environment-variable access.
pkgs/python/[email protected]/kubernetes/client/configuration.py:218
        if os.getenv("no_proxy"): self.no_proxy = os.getenv("no_proxy")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #ed71372a224ce515 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/kubernetes/client/rest.py:167
                    r = self.pool_manager.request(
                        method, url,
                        body=request_body,
                        preload_content=_preload_content,
                        timeout=timeout,
                        headers=headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #bc1e85771024eb93 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/kubernetes/client/rest.py:174
                    r = self.pool_manager.request(
                        method, url,
                        fields=post_params,
                        encode_multipart=False,
                        preload_content=_preload_content,
                        timeout=timeout,
                        headers=headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #c144222f4d5a8bd0 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/kubernetes/client/rest.py:186
                    r = self.pool_manager.request(
                        method, url,
                        fields=post_params,
                        encode_multipart=True,
                        preload_content=_preload_content,
                        timeout=timeout,
                        headers=headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #da0d419441bd05d8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/kubernetes/client/rest.py:198
                    r = self.pool_manager.request(
                        method, url,
                        body=request_body,
                        preload_content=_preload_content,
                        timeout=timeout,
                        headers=headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #ea2175e1ee353706 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/kubernetes/client/rest.py:212
                r = self.pool_manager.request(method, url,
                                              fields=query_params,
                                              preload_content=_preload_content,
                                              timeout=timeout,
                                              headers=headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #022e29b315ff773c Environment-variable access.
pkgs/python/[email protected]/kubernetes/config/exec_provider.py:48
        self.env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e01c967a7ad298b2 Environment-variable access.
pkgs/python/[email protected]/kubernetes/config/incluster_config.py:42
                 environ=os.environ):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bef3d6fbdc433385 Filesystem access.
pkgs/python/[email protected]/kubernetes/config/incluster_config.py:81
        with open(self._cert_filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #047b96d8874d8e0a Filesystem access.
pkgs/python/[email protected]/kubernetes/config/incluster_config.py:103
        with open(self._token_filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f316c18bf58e980 Environment-variable access.
pkgs/python/[email protected]/kubernetes/config/kube_config.py:48
KUBE_CONFIG_DEFAULT_LOCATION = os.environ.get('KUBECONFIG', '~/.kube/config')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #631f067a57c26f1b Filesystem access.
pkgs/python/[email protected]/kubernetes/config/kube_config.py:76
    with open(name, 'wb') as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c473b8bec869a8d1 Filesystem access.
pkgs/python/[email protected]/kubernetes/config/kube_config.py:131
            with open(self._file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90abb5aec6da7612 Filesystem access.
pkgs/python/[email protected]/kubernetes/config/kube_config.py:392
            with open(ca_cert.name, 'w') as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0bee82e879ea7821 Filesystem access.
pkgs/python/[email protected]/kubernetes/config/kube_config.py:670
        with open(path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69ff79cdc3f4f625 Filesystem access.
pkgs/python/[email protected]/kubernetes/config/kube_config.py:707
        with open(path, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #37c4e16f1a302156 Filesystem access.
pkgs/python/[email protected]/kubernetes/config/kube_config_test.py:164
        with open(filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #66f9492e1209d285 Filesystem access.
pkgs/python/[email protected]/kubernetes/config/kube_config_test.py:387
                        with open(v) as f1, open(other.__dict__[k]) as f2:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #214f660f5a8dbac2 Filesystem access.
pkgs/python/[email protected]/kubernetes/config/kube_config_test.py:409
                    with open(v) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d7011920f148711a Filesystem access.
pkgs/python/[email protected]/kubernetes/config/kube_config_test.py:1173
            with open(os.path.join(temp_dir, "cert_test"), "wb") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #76fb38dc509d4ff1 Filesystem access.
pkgs/python/[email protected]/kubernetes/config/kube_config_test.py:1175
            with open(os.path.join(temp_dir, "client_cert"), "wb") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #2ccb59ddff1d983f Filesystem access.
pkgs/python/[email protected]/kubernetes/config/kube_config_test.py:1177
            with open(os.path.join(temp_dir, "client_key"), "wb") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #47aca629d824068a Filesystem access.
pkgs/python/[email protected]/kubernetes/config/kube_config_test.py:1179
            with open(os.path.join(temp_dir, "token_file"), "wb") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b9a80c4412668ae Filesystem access.
pkgs/python/[email protected]/kubernetes/dynamic/discovery.py:60
                with open(self.__cache_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03e56fff18dad2c0 Filesystem access.
pkgs/python/[email protected]/kubernetes/dynamic/discovery.py:75
            with open(self.__cache_file, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #723b231b6f4345d8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/kubernetes/dynamic/discovery.py:116
            groups_response = self.client.request('GET', '/{}'.format(DISCOVERY_PREFIX)).groups

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #fe67d85ad4ec7dae Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/kubernetes/dynamic/discovery.py:143
                    'kubernetes': self.client.request('get', '/version', serializer=just_json)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #b29d6171330a44a7 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/kubernetes/dynamic/discovery.py:164
            resources_response = self.client.request('GET', path).resources or []

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #5bb4c494a30ee134 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/kubernetes/dynamic/resource.py:256
        return self.parent.client.request('post', path, body=body, **kwargs)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #4f788027384f9c3b Filesystem access.
pkgs/python/[email protected]/kubernetes/stream/ws_client_test.py:55
    cfg_file.write_text(content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #eadbeec27c7af179 Environment-variable access.
pkgs/python/[email protected]/kubernetes/stream/ws_client_test.py:404
    cfg.proxy = os.getenv("HTTPS_PROXY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #acf1684020051769 Environment-variable access.
pkgs/python/[email protected]/kubernetes/stream/ws_client_test.py:405
    cfg.no_proxy = os.getenv("NO_PROXY", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #02a0ea5f8f407c3a Environment-variable access.
pkgs/python/[email protected]/kubernetes/stream/ws_client_test.py:414
    config.load_kube_config(config_file=os.environ["KUBECONFIG"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #592255ed66f4cca4 Environment-variable access.
pkgs/python/[email protected]/kubernetes/stream/ws_client_test.py:418
    config.load_kube_config(config_file=os.environ["KUBECONFIG"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #dc0ff77fcec7686b Environment-variable access.
pkgs/python/[email protected]/kubernetes/stream/ws_client_test.py:428
    config.load_kube_config(config_file=os.environ["KUBECONFIG"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #541a64ae8c77abc8 Filesystem access.
pkgs/python/[email protected]/kubernetes/utils/create_from_yaml.py:175
        with open(os.path.abspath(yaml_file)) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2cc38d9cc2d78567 Filesystem access.
pkgs/python/[email protected]/setup-release.py:34
with open('requirements.txt') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d11f499091ce833 Filesystem access.
pkgs/python/[email protected]/setup-release.py:47
with open('test-requirements.txt') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87cd0e83ba2a4e8d Filesystem access.
pkgs/python/[email protected]/setup-release.py:50
with open('requirements-asyncio.txt') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25ef4c4f85d36e72 Filesystem access.
pkgs/python/[email protected]/setup-release.py:53
with open('test-requirements-asyncio.txt') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #36e82e77ac85815e Filesystem access.
pkgs/python/[email protected]/setup.py:34
with open('requirements.txt') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ca9fad0ba679e0d Filesystem access.
pkgs/python/[email protected]/setup.py:47
with open('test-requirements.txt') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

libtmux

python dependency
expand_more 9 low-confidence finding(s)
low env_fs dependency Excluded from app score #6e658f198fb1546e Environment-variable access.
pkgs/python/[email protected]/src/libtmux/_internal/env.py:65
    return os.environ if env is None else env

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76d17b1852cb816d Environment-variable access.
pkgs/python/[email protected]/src/libtmux/formats.py:21
FORMAT_SEPARATOR = os.environ.get("LIBTMUX_TMUX_FORMAT_SEPARATOR", "␞")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9da1f324adfda834 Environment-variable access.
pkgs/python/[email protected]/src/libtmux/pytest_plugin.py:25
USING_ZSH = "zsh" in os.getenv("SHELL", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ff20fd6809ebaa7 Environment-variable access.
pkgs/python/[email protected]/src/libtmux/pytest_plugin.py:56
    tmux_tmpdir = pathlib.Path(os.environ.get("TMUX_TMPDIR", "/tmp"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ae9b485db3d23f0 Filesystem access.
pkgs/python/[email protected]/src/libtmux/pytest_plugin.py:107
    c.write_text(
        """
set -g base-index 1
    """,
        encoding="utf-8",
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e1b92068099f1ff Environment-variable access.
pkgs/python/[email protected]/src/libtmux/pytest_plugin.py:122
    for k in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c09f513456e95da Environment-variable access.
pkgs/python/[email protected]/src/libtmux/server.py:2324
        env = os.environ.get("TMUX")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3d317c63829cef1 Environment-variable access.
pkgs/python/[email protected]/src/libtmux/server.py:2327
            del os.environ["TMUX"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c065d83d5f56eebb Environment-variable access.
pkgs/python/[email protected]/src/libtmux/server.py:2381
                os.environ["TMUX"] = env

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

memory-profiler

python dependency
expand_more 6 low-confidence finding(s)
low env_fs dependency Excluded from app score #990d47f163ed8272 Environment-variable access.
pkgs/python/[email protected]/memory_profiler.py:494
    path = os.getenv('PATH', os.defpath).split(os.pathsep)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65cdae95a57516a0 Filesystem access.
pkgs/python/[email protected]/memory_profiler.py:1015
            with open(text_file, 'w') as pfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47952cb4f3a5e84f Filesystem access.
pkgs/python/[email protected]/memory_profiler.py:1251
        with io.open(filename, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86c6aecfa72530ed Filesystem access.
pkgs/python/[email protected]/memory_profiler.py:1356
            out_file = open(args.out_filename, "a")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66b26bace18df235 Filesystem access.
pkgs/python/[email protected]/mprof.py:281
    with open(mprofile_output, "a") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8ebc043cb2aec84 Filesystem access.
pkgs/python/[email protected]/mprof.py:360
    f = open(filename, "r")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

numpy

python dependency
expand_more 1086 low-confidence finding(s)
low env_fs dependency Excluded from app score #c96b6f0d09254346 Filesystem access.
pkgs/python/[email protected]/.spin/cmds.py:122
    with open(outfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56932707e541fc42 Environment-variable access.
pkgs/python/[email protected]/.spin/cmds.py:327
    PATH = os.environ['PATH']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04776694825677f6 Environment-variable access.
pkgs/python/[email protected]/.spin/cmds.py:332
    env = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #125c08c5cb832395 Environment-variable access.
pkgs/python/[email protected]/.spin/cmds.py:497
    env = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b102956ead9e80d4 Environment-variable access.
pkgs/python/[email protected]/.spin/cmds.py:515
    env = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2745d17af0ddfb33 Environment-variable access.
pkgs/python/[email protected]/.spin/cmds.py:538
    env = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a7e77651c137f9b4 Filesystem access.
pkgs/python/[email protected]/.spin/cmds.py:617
        with open(local, "wt", encoding="utf8") as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47fce5fc42a46efa Filesystem access.
pkgs/python/[email protected]/.spin/cmds.py:620
        with open(pkg_config_fname, "wt", encoding="utf8") as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #fcb34bc79e20a371 Environment-variable access.
pkgs/python/[email protected]/benchmarks/benchmarks/__init__.py:12
    if 'SHELL' in os.environ and sys.platform != 'win32':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e10040316b03686a Filesystem access.
pkgs/python/[email protected]/benchmarks/benchmarks/__init__.py:35
        with open(lock_path, 'a+') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #52b566f728d42bf7 Filesystem access.
pkgs/python/[email protected]/doc/neps/tools/build_index.py:34
        with open(source) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #011eda220e996b49 Filesystem access.
pkgs/python/[email protected]/doc/neps/tools/build_index.py:125
    with open(outfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df940d299fdcdbb6 Filesystem access.
pkgs/python/[email protected]/doc/postprocess.py:18
        with open(fn, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a46f3b7f6afb372 Filesystem access.
pkgs/python/[email protected]/doc/postprocess.py:24
        with open(fn, 'w', encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a81b4b0d7450f96c Filesystem access.
pkgs/python/[email protected]/doc/preprocess.py:18
    with open(gen_path, 'w') as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc00f63abe8ea396 Filesystem access.
pkgs/python/[email protected]/doc/preprocess.py:35
    with open(os.path.join(dsrc_path, "doxyfile")) as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2394f9fc24c39c51 Filesystem access.
pkgs/python/[email protected]/doc/preprocess.py:44
            with open(conf_path) as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d839f36748f5f7b9 Environment-variable access.
pkgs/python/[email protected]/doc/source/conf.py:273
if os.environ.get('CIRCLE_JOB') and os.environ['CIRCLE_BRANCH'] != 'main':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf8388014ded5f7f Environment-variable access.
pkgs/python/[email protected]/doc/source/conf.py:275
    switcher_version = os.environ['CIRCLE_BRANCH']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9473faf23faf83c Environment-variable access.
pkgs/python/[email protected]/numpy/__init__.py:897
        use_hugepage = os.environ.get("NUMPY_MADVISE_HUGEPAGE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6e172647a928b11 Environment-variable access.
pkgs/python/[email protected]/numpy/__init__.py:929
    if (os.environ.get("NPY_PROMOTION_STATE", "weak") != "weak"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0822f6c152da6287 Filesystem access.
pkgs/python/[email protected]/numpy/_build_utils/gitversion.py:8
    with open(init) as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5735fe104d361327 Environment-variable access.
pkgs/python/[email protected]/numpy/_build_utils/gitversion.py:89
                os.environ.get('MESON_DIST_ROOT', ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2baf483b0a4f28e9 Filesystem access.
pkgs/python/[email protected]/numpy/_build_utils/gitversion.py:98
        with open(outfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2bb862368f335b8 Filesystem access.
pkgs/python/[email protected]/numpy/_build_utils/process_src_template.py:32
    with open(outfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf34f5af525a6c16 Filesystem access.
pkgs/python/[email protected]/numpy/_build_utils/tempita.py:25
    with open(outfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #186b372d2745545a Filesystem access.
pkgs/python/[email protected]/numpy/_build_utils/tempita/_tempita.py:164
        with open(filename, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bcdd3c4f75b86574 Environment-variable access.
pkgs/python/[email protected]/numpy/_build_utils/tempita/_tempita.py:1098
        vars.update(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df5a0e598e227ea1 Filesystem access.
pkgs/python/[email protected]/numpy/_build_utils/tempita/_tempita.py:1112
        with open(template_name, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ab1a47f612fbc79 Filesystem access.
pkgs/python/[email protected]/numpy/_build_utils/tempita/_tempita.py:1117
        with open(options.output, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a7774087f71f492 Environment-variable access.
pkgs/python/[email protected]/numpy/_core/__init__.py:17
    if envkey not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #430f8b7bb22a2d31 Environment-variable access.
pkgs/python/[email protected]/numpy/_core/_add_newdocs_scalars.py:60
            machine = os.environ.get('PROCESSOR_ARCHITEW6432', '') \

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03bd8e8726d13b0a Environment-variable access.
pkgs/python/[email protected]/numpy/_core/_add_newdocs_scalars.py:61
                    or os.environ.get('PROCESSOR_ARCHITECTURE', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7120bde53a8b1fd Filesystem access.
pkgs/python/[email protected]/numpy/_core/_methods.py:242
        ctx = open(os.fspath(file), "wb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85c2375ea2cfbc08 Filesystem access.
pkgs/python/[email protected]/numpy/_core/code_generators/genapi.py:249
        fo = open(filename, 'r')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #527a8c599f6ba672 Filesystem access.
pkgs/python/[email protected]/numpy/_core/code_generators/genapi.py:321
        with open(filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56d984329278f19c Filesystem access.
pkgs/python/[email protected]/numpy/_core/code_generators/genapi.py:325
    with open(filename, 'w') as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d023a6578347f53 Filesystem access.
pkgs/python/[email protected]/numpy/_core/code_generators/genapi.py:545
    with open(file) as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ca7d4b703a46e10 Filesystem access.
pkgs/python/[email protected]/numpy/_core/code_generators/generate_umath.py:1638
    with open(outfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1589dfbe808476bf Filesystem access.
pkgs/python/[email protected]/numpy/_core/code_generators/generate_umath_doc.py:23
    with open(target, 'w') as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca98c4140a002884 Filesystem access.
pkgs/python/[email protected]/numpy/_core/memmap.py:236
            f_ctx = open(
                os.fspath(filename),
                ('r' if mode == 'c' else mode) + 'b'
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e269b36338483a43 Filesystem access.
pkgs/python/[email protected]/numpy/_core/records.py:900
        ctx = open(os.fspath(fd), 'rb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35559c65d5782ffc Filesystem access.
pkgs/python/[email protected]/numpy/_core/src/common/pythoncapi-compat/upgrade_pythoncapi.py:608
        with open(filename, encoding=encoding, errors=errors, newline="") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31d9eca5947c8862 Filesystem access.
pkgs/python/[email protected]/numpy/_core/src/common/pythoncapi-compat/upgrade_pythoncapi.py:627
        with open(filename, "w", encoding=encoding, errors=errors, newline="") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d9f23ff9872715d0 Environment-variable access.
pkgs/python/[email protected]/numpy/_core/src/highway/docs/conf.py:85
if 'REPO_NAME' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #858ee5f3b1d3226b Environment-variable access.
pkgs/python/[email protected]/numpy/_core/src/highway/docs/conf.py:86
   REPO_NAME = os.environ['REPO_NAME']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #3962f5e0d583dc90 Environment-variable access.
pkgs/python/[email protected]/numpy/_core/src/highway/docs/conf.py:91
if 'current_language' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #8bb06e913c62f5df Environment-variable access.
pkgs/python/[email protected]/numpy/_core/src/highway/docs/conf.py:93
   current_language = os.environ['current_language']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e175b37722bf50a5 Environment-variable access.
pkgs/python/[email protected]/numpy/_core/src/highway/docs/conf.py:106
if 'current_version' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7f72efd1f45cb01d Environment-variable access.
pkgs/python/[email protected]/numpy/_core/src/highway/docs/conf.py:108
   current_version = os.environ['current_version']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #011407ddc5c879d8 Filesystem access.
pkgs/python/[email protected]/numpy/_core/src/highway/docs/mm-converter.py:59
    data = open(file, 'r').read()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #139c135675128b0c Filesystem access.
pkgs/python/[email protected]/numpy/_core/src/highway/docs/mm-converter.py:73
        with open(ext_file, 'w') as handler:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b948fe9311d19710 Filesystem access.
pkgs/python/[email protected]/numpy/_core/src/highway/docs/mm-converter.py:83
            data = open(ext_file, 'r').read()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a97234eefa49f0b3 Environment-variable access.
pkgs/python/[email protected]/numpy/conftest.py:60
os.environ["NUMPY_EXPERIMENTAL_DTYPE_API"] = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2cfc79b3f50f999 Environment-variable access.
pkgs/python/[email protected]/numpy/conftest.py:102
        os.environ['NPY_AVAILABLE_MEM'] = available_mem

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b34ade82a2a303f Filesystem access.
pkgs/python/[email protected]/numpy/distutils/ccompiler.py:62
    with open(dep_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b88913a7cce9f04a Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/ccompiler.py:137
    env = env if env is not None else dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0635833000b8a8af Filesystem access.
pkgs/python/[email protected]/numpy/distutils/ccompiler.py:548
            with open(fn, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4786baea2294f300 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/ccompiler_opt.py:673
            extra_args  = os.environ.get("CFLAGS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a7d901415f68600 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/ccompiler_opt.py:674
            extra_args += os.environ.get("CPPFLAGS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc38e4eb5462ab93 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/ccompiler_opt.py:738
        old_path = os.getenv("path")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #189d3caf8ac00cbe Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/ccompiler_opt.py:740
            os.environ["path"] = self._ccompiler._paths

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65aeab0620da29e6 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/ccompiler_opt.py:743
            os.environ["path"] = old_path

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #89345fa64581186b Filesystem access.
pkgs/python/[email protected]/numpy/distutils/ccompiler_opt.py:875
        with open(self._cache_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab624b5f20927918 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/ccompiler_opt.py:1100
        with open(test_path, "w") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #230495eb22b041c8 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/ccompiler_opt.py:1864
        with open(source) as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #deb3d25296fc3aea Filesystem access.
pkgs/python/[email protected]/numpy/distutils/ccompiler_opt.py:2381
        with open(header_path, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1030d9c61704486d Filesystem access.
pkgs/python/[email protected]/numpy/distutils/ccompiler_opt.py:2569
        with open(wrap_path, "w") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f82bd54d4b18b200 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/ccompiler_opt.py:2593
            with open(config_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b495eac8da3ce67 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/ccompiler_opt.py:2626
        with open(config_path, "w") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94dbfec5a66e601d Filesystem access.
pkgs/python/[email protected]/numpy/distutils/command/build_clib.py:442
            with open(listfn, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68857578f72412d3 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/command/build_clib.py:447
            with open(listfn, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c429cd7349ccf726 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/command/build_clib.py:453
            with open(lib_fname, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d53e6ba4560d3900 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/command/build_ext.py:656
                    with open(fake_lib) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ac103d47ff3d935 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/command/build_ext.py:661
                    with open(c_lib) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a65bebf019ad9e43 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/command/build_src.py:29
    with open(source, 'r') as fs:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #755180bffdb66ea0 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/command/build_src.py:30
        with open(target, 'w') as ft:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3be7a9ba905dafae Filesystem access.
pkgs/python/[email protected]/numpy/distutils/command/build_src.py:431
                    with open(target_file, 'w') as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a04dea662ae12517 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/command/build_src.py:728
    with open(source) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f50c3b748b7ba15 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/command/build_src.py:738
    with open(source) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #867854deff0ed80c Filesystem access.
pkgs/python/[email protected]/numpy/distutils/command/build_src.py:763
    with open(source) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5614255e0c5479d Filesystem access.
pkgs/python/[email protected]/numpy/distutils/command/install.py:65
            with open(self.record) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac0c174c28ec30fc Filesystem access.
pkgs/python/[email protected]/numpy/distutils/conv_template.py:265
    with open(source) as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #165258016cb593e7 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/conv_template.py:315
        fid = open(file, 'r')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4422bfff9e8c78a0 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/conv_template.py:318
        outfile = open(newname, 'w')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #351fe43195f32c17 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/cpuinfo.py:111
            fo = open('/proc/cpuinfo')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0d69945a2b327d8 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/exec_command.py:130
        path = os.environ.get('PATH', os.defpath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #971ae8394c372929 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/exec_command.py:169
    env = {name: os.environ.get(name) for name in names}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08fcd329e3ede0c5 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/exec_command.py:175
        os.environ[name] = value or ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #834ac93d761db530 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/exec_command.py:264
        sh = os.environ.get('SHELL', '/bin/sh')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95d4327ba78249ba Filesystem access.
pkgs/python/[email protected]/numpy/distutils/fcompiler/__init__.py:989
    with open(file, encoding='latin1') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b5a24d5dabf3f83 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/fcompiler/__init__.py:1008
    with open(src, encoding='latin1') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d33bc25f2a5a699 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/fcompiler/__init__.py:1020
    with open(src, encoding='latin1') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f691b3a8a1340600 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/fcompiler/absoft.py:79
        d = os.environ.get('ABSOFT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b42dedf6fae71afe Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/fcompiler/environment.py:22
            v = os.environ.get(envvar, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b99412dc90ad2bd Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/fcompiler/environment.py:58
            envvar_contents = os.environ.get(envvar)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #99277f53d8d8e377 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/fcompiler/environment.py:62
                    if os.environ.get('NPY_DISTUTILS_APPEND_FLAGS', '1') == '1':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #188e19dd8daf8882 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/fcompiler/gnu.py:112
            target = os.environ.get('MACOSX_DEPLOYMENT_TARGET', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #88a3c6b410025b47 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/fcompiler/gnu.py:130
                os.environ['MACOSX_DEPLOYMENT_TARGET'] = str(target)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #090ac88308169e01 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/fcompiler/gnu.py:404
            with open(fn, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a27f08add63883f Filesystem access.
pkgs/python/[email protected]/numpy/distutils/fcompiler/ibm.py:79
            with open(xlf_cfg) as fi:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e80fe078425d1b67 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/fcompiler/lahey.py:32
        d = os.environ.get('LAHEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9704d9975196ad3f Filesystem access.
pkgs/python/[email protected]/numpy/distutils/from_template.py:213
    with open(source) as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51245059a0dccc6d Filesystem access.
pkgs/python/[email protected]/numpy/distutils/from_template.py:250
        fid = open(file, 'r')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73a77422dc15570d Filesystem access.
pkgs/python/[email protected]/numpy/distutils/from_template.py:253
        outfile = open(newname, 'w')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e82ef81c6778e2b Filesystem access.
pkgs/python/[email protected]/numpy/distutils/lib2def.py:112
        deffile = open(deffile, 'w')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9691a0f8aad3dedd Filesystem access.
pkgs/python/[email protected]/numpy/distutils/line_endings.py:15
    with open(file, "rb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a75e10e4f527d455 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/line_endings.py:24
        with open(file, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5a6070d4ada9f70 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/line_endings.py:49
    with open(file, "rb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7de3835ff0d37675 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/line_endings.py:58
        with open(file, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0aa7ce505b25faf0 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/mingw32ccompiler.py:206
    if 'SYSTEMROOT' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3f42d55fe89cce7 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/mingw32ccompiler.py:207
        lib_dirs.append(os.path.join(os.environ['SYSTEMROOT'], 'System32'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec2827a2c186e4f0 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/mingw32ccompiler.py:253
    with open(dfile, 'w') as d:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d01ce445e35170d1 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/mingw32ccompiler.py:270
        winsxs_path = os.path.join(os.environ.get('WINDIR', r'C:\WINDOWS'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #427ca2808defd224 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/mingw32ccompiler.py:282
        for path in [sys.prefix] + os.environ['PATH'].split(';'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20584157b2de92d5 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/mingw32ccompiler.py:473
    with open(def_file, 'w') as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9cbcf89b8fd53d89 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/mingw32ccompiler.py:618
            with open(manifest_name(config), "w") as man:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c34b651f9a8044a0 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:97
    envjobs = int(os.environ.get("NPY_NUM_BUILD_JOBS", cpu_count))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df5a14b2b34ec376 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:222
    with open(config_file) as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0215e8f23117a0c1 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:324
    if sys.platform=='cygwin' and 'USE_COLOR' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ef5ee8bda36cf61 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:427
        if os.environ.get('OSTYPE', '')=='msys':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c3f7f80a581d38b Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:429
        if os.environ.get('MSYSTEM', '')=='MINGW32':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1abe3e739e0a3c4 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:478
    with open(source) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #06bd1f47be85f125 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:1808
        old_path = os.environ.get('PATH')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #274d9f472e463b0b Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:1811
            os.environ['PATH'] = path

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd50f914fa30a99f Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:1887
        if sys.platform=='win32' and os.environ.get('SVN_ASP_DOT_NET_HACK', None):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4d7cf81749e7833 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:1892
            with open(entries) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b7f7df17edd2daa Filesystem access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:1922
            with open(branch_fn) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3087858b3b6f94a9 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:1926
            with open(branch_cache_fn) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3a17f8303c08d0e Filesystem access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:2043
                    with open(target, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e9161fc576e9df5 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:2083
                    with open(target, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bbbae687ac018a18 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:2155
    d = os.environ.get('NPY_PKG_CONFIG_PATH')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea7d85193f0abb5a Filesystem access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:2329
    with open(target, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #607b269d53e464a1 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/msvc9compiler.py:46
        environ_lib = os.getenv('lib')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d4d4939f4046b51 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/msvc9compiler.py:47
        environ_include = os.getenv('include')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bae89b773e7bf2a0 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/msvc9compiler.py:51
        os.environ['lib'] = _merge(environ_lib, os.environ['lib'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b607c4b1903dfad Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/msvc9compiler.py:52
        os.environ['include'] = _merge(environ_include, os.environ['include'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a205eac5368c25e7 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/msvccompiler.py:46
        environ_lib = os.getenv('lib', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19dd678ac385cfca Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/msvccompiler.py:47
        environ_include = os.getenv('include', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d49300f7dac29f26 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/msvccompiler.py:51
        os.environ['lib'] = _merge(environ_lib, os.environ['lib'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ec6c7a84ad70a97 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/msvccompiler.py:52
        os.environ['include'] = _merge(environ_include, os.environ['include'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #566b73599a5b302d Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/npy_pkg_config.py:409
    d = os.environ.get('NPY_PKG_CONFIG_PATH')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3fc976bbf6017e1f Filesystem access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:352
    with open(os.devnull, 'w') as tmp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #670c63b9567c62c8 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:443
    order_str = os.environ.get(env, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b45eaf72b4a7150 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:886
                    if e in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f02ac7d8e4270e3 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:892
        if env_var and env_var in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec26ed6351953b57 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:893
            d = os.environ[env_var]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76ca5ac732bbca99 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:1264
        mklroot = os.environ.get('MKLROOT', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92f18655bfcfc858 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:1267
        paths = os.environ.get('LD_LIBRARY_PATH', '').split(os.pathsep)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de3feb781fb3fd7c Filesystem access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:1270
            with open(ld_so_conf) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3fb52de6f353e49f Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:1344
        tcsdsroot = os.environ.get('TCSDS_PATH', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d5c7707a40309e54 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:1820
            atlas_version = os.environ.get('ATLAS_VERSION', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1d563ce4dc3ffb3 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:1968
        info['extra_link_args'] = os.environ['NPY_LAPACK_LIBS'].split()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11f239cf9b26d356 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:1982
        if 'NPY_LAPACK_LIBS' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71bc25f370d77e40 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2135
        info['extra_link_args'] = os.environ['NPY_BLAS_LIBS'].split()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c914499b199283a3 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2136
        if 'NPY_CBLAS_LIBS' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c1ec67a24c593f9 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2139
                                        os.environ['NPY_CBLAS_LIBS'].split())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d1dae3b075cadd5 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2151
        if 'NPY_BLAS_LIBS' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #724d617e6b8f59b0 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2274
            with open(src, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6344467ac7880022 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2393
        with open(fake_lib_file, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b059e32564a8b5f Filesystem access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2395
        with open(fake_clib_file, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71f225b78c8b8845 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2429
            with open(src, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e65b75381e6a992a Filesystem access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2540
            with open(src, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d79a047b6fe7e27f Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2596
        libraries = os.environ.get('ACCELERATE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c85512d77ef84c29 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2604
                not os.getenv('_PYTHON_HOST_PLATFORM', None)):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb021181cc063722 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2637
                if(os.getenv('NPY_USE_BLAS_ILP64', None)):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3194b7f287159883 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2827
        if os.getenv("NUMERIX"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb9649d94093ede3 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2828
            which = os.getenv("NUMERIX"), "environment var"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3f2b616130907f5 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2855
        os.environ['NUMERIX'] = which[0]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c44ace04306ee24 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2963
        if self.config_env_var in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc4298cade81aaa7 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2964
            return os.environ[self.config_env_var]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #419a1ab60b9e92e3 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/unixccompiler.py:31
    if 'OPT' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2943a4cc79609dc1 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/unixccompiler.py:34
        opt = shlex.join(shlex.split(os.environ['OPT']))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c099f11636f745f Filesystem access.
pkgs/python/[email protected]/numpy/distutils/unixccompiler.py:67
        with open(obj + '.d', 'a') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7228d50bf55ed3f3 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/_backends/_meson.py:71
        return self.build_template_path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33e8831b44870424 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/_backends/_meson.py:181
        meson_build_file.write_text(src)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9247508a6ccba6dc Filesystem access.
pkgs/python/[email protected]/numpy/f2py/_src_pyf.py:215
    with open(source) as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #84819e3ad6dfa071 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/auxfuncs.py:920
    with open(source) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #135eb433be74e959 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/capi_maps.py:158
        with open(f2cmap_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41b3e064f2e858f9 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/crackfortran.py:316
        with open(filename, 'rb') as fhandle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd92cf3139b83e50 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/crackfortran.py:327
    return open(filename, mode, encoding=encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78356bfcf5b8600a Filesystem access.
pkgs/python/[email protected]/numpy/f2py/crackfortran.py:3703
                open(l).close()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35e11f36a4dee266 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/crackfortran.py:3722
        with open(pyffilename, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e10cfa709fb7c99 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/f2py2e.py:295
                with open(l):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f79713e66b7a877c Filesystem access.
pkgs/python/[email protected]/numpy/f2py/f2py2e.py:362
            with open(options['signsfile'], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d2106925f6ef47b4 Environment-variable access.
pkgs/python/[email protected]/numpy/f2py/rules.py:160
generationtime = int(os.environ.get('SOURCE_DATE_EPOCH', time.time()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a8a9e57612b14d4 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/rules.py:1424
    with open(fn, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #232ac0472cb01906 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/rules.py:1431
        with open(fn, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92ac3a0be24d4681 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/rules.py:1440
        with open(fn, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3e9b92de9e6c570 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/rules.py:1454
        with open(wn, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea5ee5d789c41eee Filesystem access.
pkgs/python/[email protected]/numpy/f2py/rules.py:1479
        with open(wn, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c98491f3ff1501b Filesystem access.
pkgs/python/[email protected]/numpy/lib/_format_impl.py:966
        with open(os.fspath(filename), mode + 'b') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b70db45521d3da75 Filesystem access.
pkgs/python/[email protected]/numpy/lib/_format_impl.py:971
        with open(os.fspath(filename), 'rb') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14999b7fb4a7019a Filesystem access.
pkgs/python/[email protected]/numpy/lib/_npyio_impl.py:454
            fid = stack.enter_context(open(os.fspath(file), "rb"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f88a9645fc626b6 Filesystem access.
pkgs/python/[email protected]/numpy/lib/_npyio_impl.py:568
        file_ctx = open(file, "wb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58318c75c710e627 Filesystem access.
pkgs/python/[email protected]/numpy/lib/_npyio_impl.py:1552
        open(fname, 'wt').close()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61bed0483292f493 Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/clapack_scrub.py:308
    with open(filename) as fo:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #178381518667205e Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/clapack_scrub.py:318
    with open(outfilename, 'w') as writefo:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e3c22e9a05777eb Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/fortran.py:116
    with open(filename) as fo:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #315abc0bac78401e Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/make_lite.py:230
    with open(wrapped_routines_file) as fo:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0420c5749bd4b747 Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/make_lite.py:250
        with open(filename, 'w') as fo:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #113fbfadca20fc40 Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/make_lite.py:256
    with open(output_file, 'w') as output_fo:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ff2df20bdf32576 Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/make_lite.py:258
            with open(r.filename) as fo:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26594c3ea3f22a4d Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/make_lite.py:275
    with open(c_file) as fo:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76b0865f067fc4bd Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/make_lite.py:278
    with open(c_file, 'w') as fo:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6f666094d2de90f Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/make_lite.py:301
        with open(fn) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #742729345274fdc6 Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/make_lite.py:309
    with open('f2c.h') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9d651ab1b58af5b Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/make_lite.py:315
    with open(os.path.join(output_dir, 'lapack_lite_names.h'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a133e343d051a94 Filesystem access.
pkgs/python/[email protected]/numpy/ma/mrecords.py:649
        f = open(fname)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02080f6de94d9f52 Filesystem access.
pkgs/python/[email protected]/numpy/random/_examples/cffi/parse.py:12
    with open(os.path.join(inc_dir, 'random', 'bitgen.h')) as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69d8fb5916cc747c Filesystem access.
pkgs/python/[email protected]/numpy/random/_examples/cffi/parse.py:21
    with open(os.path.join(inc_dir, 'random', 'distributions.h')) as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1704c955c6a623de Filesystem access.
pkgs/python/[email protected]/numpy/testing/_private/extbuild.py:210
    with open(cfile.parent / "meson.build", "wt") as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #186c200bc2bb6e85 Filesystem access.
pkgs/python/[email protected]/numpy/testing/_private/extbuild.py:224
    with open(native_file_name, "wt") as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1198c442adecdd1 Filesystem access.
pkgs/python/[email protected]/numpy/testing/_private/utils.py:73
                np_dist.read_text('direct_url.json') or '{}',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7fa77652d897a35c Filesystem access.
pkgs/python/[email protected]/numpy/testing/_private/utils.py:174
            with open(_proc_pid_stat) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f67791fc63b32150 Filesystem access.
pkgs/python/[email protected]/numpy/testing/_private/utils.py:203
            with open(_proc_pid_stat) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #951185d36ba3d4bd Environment-variable access.
pkgs/python/[email protected]/numpy/testing/_private/utils.py:2700
    env_value = os.environ.get(env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe027f3cb907b0ef Filesystem access.
pkgs/python/[email protected]/numpy/testing/_private/utils.py:2752
        with open('/proc/meminfo') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #019383f1f00d4c2c Filesystem access.
pkgs/python/[email protected]/tools/c_coverage/c_coverage_report.py:57
        with open(self.path, "r") as source:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #07031c667504b073 Filesystem access.
pkgs/python/[email protected]/tools/c_coverage/c_coverage_report.py:66
        with open(self.path, 'r') as source:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0d07afe9a673e178 Filesystem access.
pkgs/python/[email protected]/tools/c_coverage/c_coverage_report.py:96
            with open(os.path.join(root, self.clean_path(path)), "w") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #17d2143129f38c9f Filesystem access.
pkgs/python/[email protected]/tools/c_coverage/c_coverage_report.py:97
                source.write_text(fd)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b5bba2ec85c7e2ae Filesystem access.
pkgs/python/[email protected]/tools/c_coverage/c_coverage_report.py:101
            with open(
                os.path.join(root, self.clean_path(path) + ".html"), "w"
            ) as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0a1eec8c591f2718 Filesystem access.
pkgs/python/[email protected]/tools/c_coverage/c_coverage_report.py:106
        with open(os.path.join(root, 'index.html'), 'w') as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #6692fea95fe80151 Filesystem access.
pkgs/python/[email protected]/tools/c_coverage/c_coverage_report.py:165
        with open(log_file, 'r') as log_fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9b67ea40b894e91f Filesystem access.
pkgs/python/[email protected]/tools/c_coverage/c_coverage_report.py:176
        files.write_text(args.directory)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #1d4325f3e59ef4c0 Filesystem access.
pkgs/python/[email protected]/tools/check_installed_files.py:113
    with open(os.path.join('build', 'meson-info',
                           'intro-install_plan.json'), 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0f831e6dffd37922 Filesystem access.
pkgs/python/[email protected]/tools/check_openblas_version.py:48
        with open(reqfile) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #67b14000d9e0c52e Filesystem access.
pkgs/python/[email protected]/tools/check_python_h_first.py:77
    with open(name_to_check) as in_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #70574b2c003d48c3 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/tools/download-wheels.py:70
    index_html = http.request('GET', index_url)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #9c55f65a416ff538 Filesystem access.
pkgs/python/[email protected]/tools/download-wheels.py:95
        with open(wheel_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #aa31c17015b238bc Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/tools/download-wheels.py:96
            with http.request("GET", wheel_url, preload_content=False,) as r:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #28ff3f544548141e Filesystem access.
pkgs/python/[email protected]/tools/functions_missing_types.py:103
        with open(module_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #2afdd334fab3a43f Filesystem access.
pkgs/python/[email protected]/tools/get_submodule_paths.py:12
    with open(gitmodule_file) as gitmodules:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #06a4fffb800a8b76 Filesystem access.
pkgs/python/[email protected]/tools/get_submodule_paths.py:19
    with open(
            os.path.join(root_directory, ".gitattributes"), "r"
    ) as attr_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4652962ad80692b9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/ci/ciimage/build.py:21
        data = json.loads(path.read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a2eae9f5a22132d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/ci/ciimage/build.py:83
        out_file.write_text(out_data, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1fb4e5bc342b2b60 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/ci/ciimage/build.py:100
        out_file.write_text(out_data, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2489000ef7e1366f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/ci/ciimage/build.py:140
        out_file.write_text(out_data, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b0f4c209bb4a99c2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/extensions/refman_links.py:128
        raw = Path(self._data_file).read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #8cfb57d24ddfc0f4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/genrelnotes.py:71
            snippet = snippetfile.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #42ba85019997b437 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/jsonvalidator.py:146
    root_tmp = json.loads(args.doc_file.read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #8bc907a2f02e03c4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/generatorjson.py:115
        self.out.write_text(json.dumps(data), encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #17fef58ca259a42b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/generatorman.py:65
        self.path.write_text(self.text, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9d5df047b3564da3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/generatormd.py:115
        out_file.write_text(data, encoding='ascii')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ad33dc2d6e9cdb69 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/generatormd.py:128
            template=template_file.read_text(encoding='utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ed3087a1dc6e0529 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/generatormd.py:357
        raw = self.sitemap_in.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a930ab33406df8f6 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/generatormd.py:368
        self.sitemap_out.write_text(out, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ae66d09669754be0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/generatormd.py:390
        self.link_def_out.write_text(json.dumps(data, indent=2), encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ea79a12e1044b4d7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/generatorvim.py:30
            template=template_file.read_text(encoding='utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #dd5fdd869bd83a26 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/generatorvim.py:37
        out_file.write_text(result, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #13f06bfb0183b765 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/loaderbase.py:194
        return f.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a0e950b1fce5cb1a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/loaderpickle.py:16
        res = pickle.loads(self.in_file.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #319995fbd88322c3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/main.py:76
        args.depfile.write_text(out_text, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #17ff9ddd99a4fe63 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/validatelinks.py:24
    with open(filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #673a6aedbc769891 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/vendored-meson/meson/manual tests/4 standalone binaries/build_windows_package.py:14
    response = urllib.request.urlopen(sdl_url, timeout=600.0)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #74cc894b826ce121 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/manual tests/4 standalone binaries/build_windows_package.py:16
    open(sdl_filename, 'wb').write(data)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95029523d9b948ea Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/backends.py:441
            return open(outfileabs_tmp, 'w', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c57bc9855b744153 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/backends.py:606
            with open(rsp_file, 'w', encoding='utf-8', newline='\n') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #165c8f9ea1daf4d2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/backends.py:710
        with open(exe_data, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1bf5588ffbc7a2f9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/backends.py:717
        with open(test_data, 'wb') as datafile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dbfd0b69419b1904 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/backends.py:720
        with open(benchmark_data, 'wb') as datafile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #065c242ce6d32faf Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/backends.py:882
        with open(pch_file_tmp, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c0a03fcaae71def2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/backends.py:1287
        with open(ifilename, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70a91b4f812c33d2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/backends.py:1318
        with open(filename, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e62cc693529e655 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/backends.py:1636
        with open(install_data_file, 'wb') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a9a6bb12ae152ad Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:533
                return open(tempfilename, 'a', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd73064600280088 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:538
            return open(tempfilename, 'a', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd8cce0522380e03 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:542
        with open(filename, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d92c6ae20f25bd4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:575
                    with open(tempfilename, 'ab') as binfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #46ce7bf1aeaa1d70 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:577
                    return open(tempfilename, 'a', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1087aa52f2468c73 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:619
        with open(tempfilename, 'w', encoding='utf-8') as outfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #447f0afae5743a84 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:701
        with open(os.path.join(self.environment.get_build_dir(), 'rust-project.json'),
                  'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a3efd86cba5bb74 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:733
            with open(os.path.join(builddir, 'compile_commands.json'), 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e27ee6bddb28c5d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:1149
            with open(pickle_abs, 'rb') as p:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a0d70a9669e9276 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:1154
            with open(pickle_abs, 'wb') as p:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c47e8a750f3f059 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:1479
        with open(manifest_fullpath, 'w', encoding='utf-8') as manifest:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d82a40593b15c038 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:2848
            with open(filename, encoding='ascii', errors='ignore') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1262d5c3b02accee Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:3807
        with open(d_file, 'wb') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82b086e25b516241 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:36
    vs_version = os.getenv('VisualStudioVersion', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98068f204f6a4ad7 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:37
    vs_install_dir = os.getenv('VSINSTALLDIR', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a84a162e3a350bcf Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:296
        with open(Vs2010Backend.get_regen_stampfile(build_dir), 'w', encoding='utf-8'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a82c97fc27a17979 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:300
        has_arch_values = 'VSCMD_ARG_TGT_ARCH' in os.environ and 'VSCMD_ARG_HOST_ARCH' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e633d01adee056b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:303
        if 'VCINSTALLDIR' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c99678a2b5b84b6 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:304
            vs_version = os.environ['VisualStudioVersion'] \

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3dbdc343fadda47 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:305
                if 'VisualStudioVersion' in os.environ else None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d14efca6894bed2d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:307
            script_path = os.environ['VCINSTALLDIR'] + relative_path + 'vcvarsall.bat'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c76cd517273a5c5 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:310
                    target_arch = os.environ['VSCMD_ARG_TGT_ARCH']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3937961e06a87dc4 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:311
                    host_arch = os.environ['VSCMD_ARG_HOST_ARCH']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cdc7bd61cec5b72a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:313
                    target_arch = os.environ.get('Platform', 'x86')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #256f01e72bb8bae8 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:319
        if 'VS150COMNTOOLS' in os.environ and has_arch_values:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6c09fd1665b745c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:320
            script_path = os.environ['VS150COMNTOOLS'] + 'VsDevCmd.bat'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #791635dad7f2825b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:323
                    (script_path, os.environ['VSCMD_ARG_TGT_ARCH'], os.environ['VSCMD_ARG_HOST_ARCH'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c72bc43d66d1012f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:425
        with open(sln_filename_tmp, 'w', encoding='utf-8-sig') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d7e15be3ee640a7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:1001
        with open(ofname_tmp, 'w', encoding='utf-8') as of:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f0543f76155fcad Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:2092
            with open(rulefile, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e2477e938fdd4c8 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2017backend.py:45
        sdk_version = os.environ.get('WindowsSDKVersion', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6ebc35566d399be Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2019backend.py:40
        sdk_version = os.environ.get('WindowsSDKVersion', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #442f2077572322aa Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2022backend.py:40
        sdk_version = os.environ.get('WindowsSDKVersion', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c328c91505ab318a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/xcodebackend.py:274
        with open(tmpname, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2456cf14a21eb981 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/build.py:3360
        with open(filename, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26c144a3071ecee3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cargo/toml.py:36
        with open(filename, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a54aac1bbb09b2c2 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/executor.py:214
            env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f585b32baa26e2bc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/fileapi.py:51
        query_file.write_text(json.dumps(query, indent=2), encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e72d53ef43620802 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/fileapi.py:75
        debug_json.write_text(json.dumps(index, indent=2), encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eeddc17d5db168ff Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/fileapi.py:320
        data = json.loads(real_path.read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ffd0571b54fe07a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/interpreter.py:865
            os_env = environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b11c5472a7a3a91f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/toolchain.py:61
        self.toolchain_file.write_text(self.generate(), encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07eeda004bf63264 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/toolchain.py:62
        self.cmcache_file.write_text(self.generate_cache(), encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e968480b5bb41ad7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/toolchain.py:228
        cmake_file.write_text(cmake_content, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70d64a6d256102a7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/toolchain.py:232
        temp_toolchain_file.write_text(CMakeToolchain._print_vars(self.variables), encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #775404549bbcb52c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/traceparser.py:170
            trace = self.trace_file_path.read_text(errors='ignore', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9fece41aefc1ad52 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/compilers.py:830
                with open(srcname, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #602623a77237370b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/compilers.py:861
            os_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4e27585acafd1e8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/cs.py:90
        with open(source_name, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d37388fb6298a2e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/cuda.py:535
        with open(source_name, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #634155dd987bcb11 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/d.py:444
        with open(source_name, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #439fba867346dc3f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/detect.py:295
            if 'WATCOM' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24f6b731eddd46e5 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/detect.py:299
                watcom_cls = [sanitize(os.path.join(os.environ['WATCOM'], 'BINNT', 'cl')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16c1a6949d5c2c43 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/detect.py:300
                              sanitize(os.path.join(os.environ['WATCOM'], 'BINNT', 'cl.exe')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb81ef1d777fdccc Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/detect.py:301
                              sanitize(os.path.join(os.environ['WATCOM'], 'BINNT64', 'cl')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #368cffc1b736eed0 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/detect.py:302
                              sanitize(os.path.join(os.environ['WATCOM'], 'BINNT64', 'cl.exe'))]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c7f48c4b11881d3 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/detect.py:1321
            default_path = os.path.join(os.environ['ProgramFiles'], 'NASM')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04efc3bff984ec0d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/java.py:79
        with open(source_name, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #510b90406dd96dd2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/mixins/clike.py:219
                    with open(file_to_check, 'rb') as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4165153fcc11044 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/mixins/clike.py:295
        with open(source_name, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dbc571e40f20b09c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/mixins/clike.py:914
            with open(p.output_name, 'rb') as o:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a42d7ebaae3429e7 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/mixins/clike.py:1197
        os_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44842b9cc45008d6 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/mixins/elbrus.py:43
        os_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #016c063b0e6e778b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/mixins/elbrus.py:54
        os_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9216d4b0b5402368 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/mixins/elbrus.py:66
        os_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f52762a3afe9c0a5 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/mixins/gnu.py:323
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a35da3982dd7358d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/mixins/visualstudio.py:354
        if 'INCLUDE' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d504a5191844b252 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/mixins/visualstudio.py:356
        return os.environ['INCLUDE'].split(os.pathsep)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cec9502699c214f6 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/rust.py:115
        with open(source_name, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #269d2ae19e51e084 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/swift.py:190
        with open(source_name, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d31424dd60bd49f8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/coredata.py:316
                    with open(f, encoding='utf-8') as rf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b521b9fcd9e50112 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/coredata.py:317
                        with open(fcopy, 'w', encoding='utf-8') as wf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6fc83fd76e4b9045 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/coredata.py:327
                    os.environ.get('XDG_DATA_HOME', os.path.expanduser('~/.local/share')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f70622c6f6ddda99 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/coredata.py:328
                ] + os.environ.get('XDG_DATA_DIRS', '/usr/local/share:/usr/share').split(':')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4dab4b3b8ac8da71 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/coredata.py:650
    with open(filename, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6253c5335b4459d9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/coredata.py:664
    with open(filename, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc986a2460b7493f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/coredata.py:695
    with open(tempfilename, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39e32661950335e9 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/blas_lapack.py:750
        deploy_target = os.environ.get('MACOSX_DEPLOYMENT_TARGET', macos_version)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a470c53c23d339a3 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/blas_lapack.py:761
        deploy_target = os.environ.get('IPHONEOS_DEPLOYMENT_TARGET', ios_version)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3aae80374fbb4f19 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/blas_lapack.py:899
        _m = os.environ.get('MKLROOT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cea4bb64d2c986b6 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/boost.py:764
        raw = hfile.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d81b7aa83064467 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cmake.py:302
        for i in os.environ.get('PATH', '').split(os.pathsep):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ec98f5b92031b92 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cmake.py:333
        env_path = os.environ.get(f'{name}_DIR')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b1364ed5fa397a5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cmake.py:584
        cmake_txt = importlib.resources.read_text('mesonbuild.dependencies.data', cmake_file, encoding = 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30721e0975ce7713 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cmake.py:604
        cm_file.write_text(cmake_txt, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9725fe64a88049ab Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cuda.py:169
        env_vars = [var for var in env_vars if var in os.environ]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f84a3834cfd88e4a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cuda.py:170
        user_defaults = {os.environ[var] for var in env_vars}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c3914b58a646c50 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cuda.py:176
        return ([(os.environ[self.env_var], True)] if self.env_var else []) \

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dad3b0f03da9566f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cuda.py:180
        env_vars = os.environ.keys()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2321f3f685dee47 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cuda.py:181
        return [(os.environ[var], False) for var in env_vars if var.startswith('CUDA_PATH_')]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1cb41707510bf935 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cuda.py:217
            raw = i.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8923f52a2cb0070 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cuda.py:235
            with open(version_file_path, encoding='utf-8') as version_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9da3d2124d1b340 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/dev.py:782
        vsdir = os.environ.get('VSInstallDir')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #029c594e10c17d1c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/hdf5.py:112
            os.environ[f'HDF5_{cenv}'] = join_args(compiler.get_exelist())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80d33b9225dfac1a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/hdf5.py:113
            os.environ[f'HDF5_{lenv}LINKER'] = join_args(compiler.get_linker_exelist())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49df5345eb77d762 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/hdf5.py:116
            del os.environ[f'HDF5_{cenv}']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1a9742d423492d4 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/hdf5.py:117
            del os.environ[f'HDF5_{lenv}LINKER']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d56378f7a14963aa Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/mpi.py:56
        tool_names = [os.environ.get(env_name) for env_name in env_vars]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #abc3add51ccba610 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/mpi.py:228
        incdir = os.environ.get('MSMPI_INC')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f6407e7409373ff4 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/mpi.py:232
            libdir = os.environ.get('MSMPI_LIB32')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2918646bb576f6ae Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/mpi.py:235
            libdir = os.environ.get('MSMPI_LIB64')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49a0fc2b91725362 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/pkgconfig.py:154
            env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #439b2084628957cc Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/pkgconfig.py:169
            env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1eed2e15802107b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/pkgconfig.py:290
        env = env or os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #266839dbe98a9ec8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/pkgconfig.py:543
        with open(la_file, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20839dbb0999dadb Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/python.py:129
            env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1795aa68964f8087 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/python.py:427
                old_pkg_libdir = os.environ.pop('PKG_CONFIG_LIBDIR', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18c2e65cc0d19b2e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/python.py:428
                old_pkg_path = os.environ.pop('PKG_CONFIG_PATH', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #279d2fd9a8de439b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/python.py:429
                os.environ['PKG_CONFIG_LIBDIR'] = pkg_libdir

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ecd4245b2649e5a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/python.py:435
                            os.environ[name] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d574ba06b2e41840 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/python.py:436
                        elif name in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ca0b5f0a6b06927 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/python.py:437
                            del os.environ[name]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #124e10c6ce4d986b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/scalapack.py:59
        _m = os.environ.get('MKLROOT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b823deee4c3d50cc Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/ui.py:117
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7704a18dd1958df Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/ui.py:190
        self.vulkan_sdk = os.environ.get('VULKAN_SDK', os.environ.get('VK_SDK_PATH'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea2634351f3cf573 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/environment.py:84
        value = os.environ.get(var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c86db8ba780689b4 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/environment.py:183
    env_ninja = os.environ.get('NINJA', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #954a26d6f9dc6058 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/environment.py:268
    if 'SCANBUILD' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #983842a2995907e2 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/environment.py:269
        exelist = split_args(os.environ['SCANBUILD'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d49f323e4e0e2890 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/environment.py:541
    return os.environ.get('MSYSTEM_CARCH', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42274794b0269c77 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreter/interpreter.py:395
        if 'MESON_UNIT_TEST' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #feaeacd1ff37eb10 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreter/interpreter.py:397
        if 'MESON_RUNNING_IN_PROJECT_TESTS' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d48001801644fab Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreter/interpreter.py:991
                with open(meson_filename, "w", encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75638101b54c6985 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreter/interpreter.py:1249
                ver_data = Path(ifname).read_text(encoding='utf-8').split('\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef10ecddb858fe69 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreter/interpreter.py:2756
                with open(dst_tmp, 'w', encoding=file_encoding) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d57cf718d6587458 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreter/interpreter.py:2763
                with open(depfile, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48c34de5caed4ab5 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreter/interpreterobjects.py:243
        child_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c96ac2a9affa914 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreterbase/interpreterbase.py:105
            with open(fname, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f59a77132333549 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreterbase/interpreterbase.py:154
                    with open(parent / 'meson.build', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4390d5e9b2dcd69f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreterbase/interpreterbase.py:701
            with open(option_file, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e0a57c525e5d7cb Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/machinefile.py:40
                with open(fname, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac535266950a095d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mcompile.py:253
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b1d7ef9a6a0c59f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mconf.py:94
                    with open(opfile, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e91e7ce5db83d67 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mconf.py:109
                        with open(opfile, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a7fa6c121467b1f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdevenv.py:71
    env = {} if dump_fmt else os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87950141a1183055 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdevenv.py:140
            gdbinit_path.write_text(gdbinit_line, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9ebf90a8abd6846 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdevenv.py:178
            with open(options.dump, "w", encoding='utf-8') as output:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a98d0060dce8ad7 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdevenv.py:196
        shell_env = os.environ.get("SHELL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b891c0b5ec0ab824 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdevenv.py:209
                args = [os.environ.get("COMSPEC", r"C:\WINDOWS\system32\cmd.exe")]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c205f57cf4fb972 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdevenv.py:212
            args = [os.environ.get("SHELL", os.path.realpath("/bin/sh"))]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b907d062fb07a92a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdevenv.py:217
            if not os.environ.get("MESON_DISABLE_PS1_OVERRIDE"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6b7c0f4505abcc3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdist.py:64
    m.update(open(fname, 'rb').read())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #715b9d7ff61516a7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdist.py:65
    with open(hashname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1ee291a8c307b08 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdist.py:92
            if 'GITLAB_CI' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #028623be39305421 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdist.py:257
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #40bd1f39591d03e9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdist.py:290
            with lzma.open(xzname, 'wb') as xf, open(tarname, 'rb') as tf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e884726fb453e38 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdist.py:295
            with bz2.open(bz2name, 'wb') as bf, open(tarname, 'rb') as tf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97f9847858a2e825 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdist.py:300
            with gzip.open(gzname, 'wb') as zf, open(tarname, 'rb') as tf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b6ad255713551c8 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdist.py:320
    myenv = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #888845e1968d442c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mesondata.py:20
            data = importlib.resources.read_text( # [ignore encoding] it's on the next lines, Mr. Lint
                    ('mesonbuild' / self.path.parent).as_posix().replace('/', '.'),
                    self.path.name,
                    encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6952bb0d83aa4d1a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mesondata.py:24
            path.write_text(data, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f14596a465e503d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mesonmain.py:33
        if os.environ.get('MESON_FORCE_BACKTRACE'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3fd33159cd168a2e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mesonmain.py:43
        if os.environ.get('MESON_FORCE_BACKTRACE'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d6f7bd2a3e550515 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mesonmain.py:257
    if os.environ.get('MESON_SHOW_DEPRECATIONS'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #756fd89c3c1abfb3 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mesonmain.py:264
    if sys.version_info >= (3, 10) and os.environ.get('MESON_RUNNING_IN_PROJECT_TESTS'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f591dd28d59a624 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mesonmain.py:282
    if sys.platform == 'cygwin' and os.environ.get('MSYSTEM', '') not in ['MSYS', '']:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dca0ebffe009f1a2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mformat.py:37
            self.read_string(f'[{self.default_section}]\n' + filename.read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4faf9b4711248eb5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mformat.py:1081
                code = src_file.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b490f22b201a545 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/minstall.py:545
            destdir = os.environ.get('DESTDIR')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24a0a62ba39b23f7 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/minstall.py:551
            os.environ['DESTDIR'] = destdir

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #652d5fe79b8522e1 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/minstall.py:581
                os.environ.get('MESON_ROOT_CMD')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ffb96d71a6ba13d6 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/minstall.py:587
            if rootcmd is None and pkexec is not None and 'PKEXEC_UID' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7004a70d51bb7c55 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/minstall.py:814
            env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e53b743831c1b60 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/minstall.py:816
            if os.environ.get('SUDO_USER') is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c5484731e7e5ef6 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/minstall.py:825
            elif os.environ.get('DOAS_USER') is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4aa308a1698b851 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/minstall.py:879
    with open(os.path.join(log_dir, 'install-log.txt'), 'w', encoding='utf-8') as lf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7d129b55557bd9c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mintro.py:521
    with open(get_info_file(infodir, kind), encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1d4120bcdc5c51e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mintro.py:590
        with open(tmp_file, 'w', encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bdc92a48342fba59 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mintro.py:660
    with open(tmp_file, 'w', encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67f8ce74231ecbe2 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:50
    return bool(kernel.SetConsoleMode(stdout, mode.value | 0x4) or os.environ.get('ANSICON'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87168b63dae8108f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:52
_in_ci = 'CI' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12213df08aab5d9b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:53
_ci_is_github = 'GITHUB_ACTIONS' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e972fedcb2ac4fb3 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:120
        if 'PAGER' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45c70eebcad6d907 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:121
            pager_cmd = shlex.split(os.environ['PAGER'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47cd6b1a8114349c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:140
            env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95f60bfa9acd8cc4 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:150
            if 'PAGER' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f17052656c97a7fc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:166
        self.log_file = open(os.path.join(logdir, self._LOG_FNAME), 'w', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6838450f32be116 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:394
                _colorize_console = os.isatty(output.fileno()) and os.environ.get('TERM', 'dumb') != 'dumb'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b41ebb4a2a964efa Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:570
    elif 'MESON_FORCE_SHOW_LOGS' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2664f704bd26619f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:577
    with open(fname, 'r', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #273f83ade14c0798 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/_qt.py:804
        with open(fileout_abs, 'w', encoding='utf-8') as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d6e89c58275b0c02 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/cmake.py:341
            with open(infile, encoding='utf-8') as fin:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62daaf5bbf62e134 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/cmake.py:355
        with open(outfile_tmp, "w", encoding='utf-8') as fout:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17d02035ec679a3d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/dlang.py:58
            with open(config_path, encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2fc1aab23c19eb1d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/dlang.py:87
        with open(config_path, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4692fcd7286923bf Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/external_project.py:142
        self.run_env: EnvironOrDict = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #103d5994a8739bcd Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/external_project.py:207
            output = open(log_filename, 'w', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb71844392ca8262 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/features/module.py:683
        with open(config_path, "w", encoding='utf-8') as cout:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dfa9f45bee1b2fb3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/fs.py:169
        with open(file, mode='rb', buffering=0) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3cb651d3a09ab643 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/fs.py:268
            with open(path, encoding=encoding) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ca294b53a7f435e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/gnome.py:953
        with open(gir_filelist_filename, 'w', encoding='utf-8') as gir_filelist:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7300bd814c34745 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/gnome.py:2209
        with open(fname, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12978d256d784b9e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/hotdoc.py:321
        with open(hotdoc_config_path, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb97d94ffeb22694 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/i18n.py:235
        rsp_file.write_text(source_list, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87c341857004e6a0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/keyval.py:31
            with open(path_to_config, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa51b50ba91e6427 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/pkgconfig.py:527
        with open(fname, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c019341615e04b4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/python.py:401
        with open(pycompile, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49070098e498a068 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/python.py:403
                f.write(importlib.resources.files('mesonbuild.scripts').joinpath('pycompile.py').read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca81376bc2a971d4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/python.py:415
                with open(os.path.join(self.interpreter.environment.get_scratch_dir(), manifest), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #385e3069ea8aaab2 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mparser.py:111
        self.in_unit_test = 'MESON_RUNNING_IN_PROJECT_TESTS' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aab0368fdb1dc44f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/msetup.py:150
        with open(os.path.join(build_dir, '.gitignore'), 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ab1d49d8cc51db3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/msetup.py:152
        with open(os.path.join(build_dir, '.hgignore'), 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4792ebb16e9134b4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/msetup.py:322
                with open(fname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dda3f5bee5dc4d46 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mtest.py:521
        self.file = open(filename, 'w', encoding='utf-8', errors=errors)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a05c6ed4f8a6c72 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mtest.py:755
        inherit_env = env_tuple_to_str(os.environ.items())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76341502da6cc2fc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mtest.py:948
        with open(self.filename, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e321b4f8a07e8d7d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mtest.py:1048
        test_only_env = set(self.env.items()) - set(os.environ.items())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6aa0dbcaf4b8f71 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mtest.py:1110
            with open(filename, 'r', encoding='utf8', errors='replace') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef752cdb6ec24a24 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mtest.py:1783
        return current.env.get_env(os.environ.copy())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a88c8b37a281585 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mtest.py:1791
            env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c63695ae6202e00f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mtest.py:2226
        with open(targets_file, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ef58e2b11f83ed1 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mtest.py:2308
            if os.environ.get('MESON_FORCE_BACKTRACE'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f720d5067002fbdf Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/optinterpreter.py:83
            with open(option_file, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d2f8e5690c289446 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/programs.py:149
        if 'USERPROFILE' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e74000b200c35c1e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/programs.py:160
        appstore_dir = Path(os.environ['USERPROFILE']) / 'AppData' / 'Local' / 'Microsoft' / 'WindowsApps'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c696661e799d34a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/programs.py:192
            with open(script, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc0c8bb94e207178 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/programs.py:296
        search_dirs = OrderedSet(self._windows_sanitize_path(os.environ.get('PATH', '')).split(';'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9fc4c4671244ba46 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/programs.py:318
        path = os.environ.get('PATH', os.defpath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bbfd9c66e97a8b4d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/rewriter.py:1024
                with open(fpath, 'w', encoding='utf-8'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b53bec27f1a8481d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/rewriter.py:1026
            with open(fpath, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e6e60c52e3fc732 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/rewriter.py:1077
            with open(val['path'], 'w', encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2278ea86f8f6ffdb Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/rewriter.py:1131
        with open(options.json, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a9c0d34f729fe3ec Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/clangformat.py:26
            original = fname.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #1656f0e2a19a6da9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/cleantrees.py:28
    with open(args[0], 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d85ddf9ea90af5cc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/coverage.py:103
                    with open(llvm_cov_shim_path, 'w', encoding='utf-8') as llvm_cov_bat:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #961a6650e08c52e5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/coverage.py:107
                    with open(llvm_cov_shim_path, 'w', encoding='utf-8') as llvm_cov_sh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #04407b8dfab35145 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depaccumulate.py:105
    with open(outfile, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #92e2500ca8414652 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depaccumulate.py:119
    with open(jsonfile, 'r', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0a42d88d046194ae Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depaccumulate.py:125
        with open(dep, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #23a59745a6e039db Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depfixer.py:133
            self.bf = open(bfile, 'r+b')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b5d789a3e6433a42 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depfixer.py:138
                self.bf = open(bfile, 'r+b')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #5ff2bb5cecd3594b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depfixer.py:444
    with open('META-INF/MANIFEST.MF', 'r+', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e639fb1ac39e10f4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depscan.py:72
        with open(pickle_file, 'rb') as pf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #970ad2149b0cb915 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depscan.py:90
        for line in fpath.read_text(encoding='utf-8', errors='ignore').split('\n'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7c115d4469e96ebb Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depscan.py:134
        for line in fpath.read_text(encoding='utf-8', errors='ignore').split('\n'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #3c073a1868a2b44d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depscan.py:199
        with open(self.outfile, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b83a199f7b91ffed Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:95
    cppflags = shlex.split(os.environ.get('CPPFLAGS', ''))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #54b3e145ade5f281 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:96
    cflags = shlex.split(os.environ.get('CFLAGS', ''))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #daedf5cd91a5ad36 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:97
    cxxflags = shlex.split(os.environ.get('CXXFLAGS', ''))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c31cce3c61d3c097 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:98
    objcflags = shlex.split(os.environ.get('OBJCFLAGS', ''))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f80b1074cb239119 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:99
    objcxxflags = shlex.split(os.environ.get('OBJCXXFLAGS', ''))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #fa76b8030b89e833 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:100
    ldflags = shlex.split(os.environ.get('LDFLAGS', ''))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #86c54ef40febc166 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:273
    with open(tmpfilename, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #5f118aa1253c6d90 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:324
        compile_args = shlex.split(os.environ.get(compilers.CFLAGS_MAPPING[langname] + envvar_suffix, ''))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0b2a66bc55587763 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:326
        cppflags = tuple(shlex.split(os.environ.get('CPPFLAGS' + envvar_suffix, '')))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a1380912fadced73 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:332
        lang_link_args += shlex.split(os.environ.get('LDFLAGS' + envvar_suffix, ''))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ab19dbbc8eed6eb9 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:339
        compilerstr = os.environ.get(envvarname + envvar_suffix)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e4f52ee29c4e0ff9 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:357
        binstr = os.environ.get(envvar)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #15c06cafb46969eb Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:362
    var = os.environ.get('PKG_CONFIG_LIBDIR' + envvar_suffix)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d5d223278a626957 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:365
    var = os.environ.get('PKG_CONFIG_SYSROOT_DIR' + envvar_suffix)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #21a87d158ac3338e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/externalproject.py:27
        with open(self.depfile, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b022aee6468af8a3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/externalproject.py:38
        with open(self.stampfile, 'w', encoding='utf-8'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #fb0c816de06b91d8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/externalproject.py:73
            output = open(log_filename, 'w', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #daf791244c3bc189 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/externalproject.py:78
        run_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7ca99d475972473f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/gettext.py:30
        with open(linguas, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e73422047bae0d31 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/gettext.py:48
    child_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #edef6dec204d7d34 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/gtkdochelper.py:52
    env = dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #1a647cb9f8d8e38d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/gtkdochelper.py:270
    if 'MESON_INSTALL_PREFIX' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #45e4efc1026ef015 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/gtkdochelper.py:271
        destdir = os.environ.get('DESTDIR', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #2438282779db9e23 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/gtkdochelper.py:272
        install_prefix = destdir_join(destdir, os.environ['MESON_INSTALL_PREFIX'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #bbdfa7e5e5389236 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/hotdochelper.py:23
    subenv = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #71def4090298debf Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/hotdochelper.py:35
        destdir = os.environ.get('DESTDIR', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #66ddf8be6050b103 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/itstool.py:64
    build_dir = os.environ.get('MESON_BUILD_ROOT', os.getcwd())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #3b2f62e59c5d6c63 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/meson_exe.py:31
    child_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #67a884eaf814955b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/meson_exe.py:49
        stdin = open(exe.feed, 'rb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #bd151e67fe1e07f9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/meson_exe.py:84
            with open(exe.capture, 'rb') as cur:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f5b15e673bd4a736 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/meson_exe.py:89
            with open(exe.capture, 'wb') as output:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #53e5e9c87fcdbc59 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/meson_exe.py:106
        with open(options.unpickle, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7ddbc761ccbe179e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/msgfmthelper.py:25
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0df901498e01902f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/pycompile.py:12
quiet = int(os.environ.get('MESON_INSTALL_QUIET', 0))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #3bc199e96d6dfb5a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/pycompile.py:22
        fullpath = absf = os.environ['MESON_INSTALL_DESTDIR_'+key] + f

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c156aa4a83e4fb7f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/pycompile.py:23
        f = os.environ['MESON_INSTALL_'+key] + f

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #6a12dd0e62429343 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/pycompile.py:41
    with open(data_file, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #3500874215f5fe01 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/regen_checker.py:41
    with open(dumpfile, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #50101b3f28ca25f5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/regen_checker.py:44
    with open(coredata_file, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #1d79a3b251636ed6 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/reprotest.py:61
        os.environ['CCACHE_DISABLE'] = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d1282d9d910d5d45 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/run_tool.py:136
    with open('meson-info/intro-targets.json', encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c6623b001217944c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/run_tool.py:156
    with open('meson-info/intro-targets.json', encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #721f0e1016921d95 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:31
    with open(outfilename, 'w', encoding='utf-8'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #89f9b0902c763e4b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:36
        with open(outfilename, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #05f6c93d733ed516 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:42
    with open(outfilename, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #8daeb4962a9dbaa1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:53
    with open(TOOL_WARNING_FILE, 'w', encoding='utf-8'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #106c07c46a844d21 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:58
    if evar in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #93456ebd8a51adbb Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:60
        return shlex.split(os.environ[evar])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d9d4c33f055a3049 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:118
    origpath = os.environ['PATH']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d24f762e226a6682 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:120
        os.environ['PATH'] = '/usr/gnu/bin:' + origpath

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #6a7ab71ae29809d7 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:123
        os.environ['PATH'] = origpath

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #17691c0721265b64 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:228
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #8be8b2f3ccbdb888 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:307
            with open(TOOL_WARNING_FILE, 'w', encoding='utf-8'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #8d8b86dbc9c0b4d8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/uninstall.py:14
    for line in open(log, encoding='utf-8'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #208263b8bd663832 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/vcstagger.py:16
    with open(infile, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b364f7ff201097d2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/vcstagger.py:19
        with open(outfile, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #5d0f6dad28ecc937 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/vcstagger.py:24
        with open(outfile, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #66c5af8292f54844 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/yasm.py:21
    with open(options.depfile, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a653ec0be7dd2af Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:87
            with open(source_name, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #595d5c3e52400043 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:91
            with open('meson.build', 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ee9b9062ba1c2e4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:120
            with open(lib_name, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2d72d7780a9c481 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:123
            with open(test_name, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ec746907ab52e74 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:126
            with open('meson.build', 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f8a8c42aa03eb1f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:141
            with open(source_name, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1286e02cfa5da448 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:144
            with open('meson.build', 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4c34dbf238b7e8e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:182
            with open(lib_name, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #741924e00e910ac7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:185
            with open(test_name, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #723797c4587a67bd Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:188
            with open('meson.build', 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a7f55af8e4674554 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:213
            with open(kwargs['header_file'], 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1161093874b8977 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/posix.py:21
            self.lockfile = open(self.lockpath, 'w+', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1713f41e555b3eb Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:241
    if 'MESON_COMMAND_TESTS' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #885f8088a8e24316 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:743
    arch = os.environ.get('PROCESSOR_ARCHITEW6432', '').lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #15b5942618aa0d8c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:747
            arch = os.environ['PROCESSOR_ARCHITECTURE'].lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01c8915ee9bc9ce4 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:827
    vsver = os.environ.get('VSCMD_VER', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c74f0ebd8f142ae0 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:1115
        if varname in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #763332fac127736d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:1117
                num_workers = int(os.environ[varname])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e96189da8c279fda Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:1529
        with open(src, encoding=encoding, newline='') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #869f5c4212fa31c6 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:1537
        with open(dst_tmp, 'w', encoding=encoding, newline='') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38bf55fb1c17540e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:1598
    with open(ofilename_tmp, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b76a1f884f00f39 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:1613
        with open(dst, 'rb') as f1, open(dst_tmp, 'rb') as f2:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44e196c05672594f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:1701
            with open(args_file, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d39cf5d5e2deb6c4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:2414
        with open(filename, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ffc9c21e27c7ef87 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:2475
    return int(os.environ.get('MESON_RSP_THRESHOLD', limit))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ca8ffd1660310ce Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/vsenv.py:35
    if os.environ.get('OSTYPE') == 'cygwin':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca9edab54baf4f55 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/vsenv.py:37
    if 'MESON_FORCE_VSENV_FOR_UNITTEST' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f2e247bb172391a0 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/vsenv.py:40
        if 'VSINSTALLDIR' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22c9cdc125a4d9df Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/vsenv.py:55
    root = os.environ.get("ProgramFiles(x86)") or os.environ.get("ProgramFiles")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25a4663082361f8f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/vsenv.py:117
                os.environ[k] = v

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3aa2f52dc92a6969 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/win32.py:21
            self.lockfile = open(self.lockpath, 'w+', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #27c0f0c81ffb19ca Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/wrap/wrap.py:170
    with open(wrapfile, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3d0e2c5688c981e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/wrap/wrap.py:282
        with open(filename, 'r', encoding='utf-8') as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #120a71032dbfd766 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/wrap/wrap.py:341
            with open(self.get_hashfile(subproject_directory), 'w', encoding='utf-8') as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0b4647677f90699 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/wrap/wrap.py:372
        self.cachedir = os.environ.get('MESON_PACKAGE_CACHE_DIR') or os.path.join(self.subdir_root, 'packagecache')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79717c167ad42b81 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/wrap/wrap.py:535
                with open(main_fname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a954db688d349c80 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/wrap/wrap.py:726
            with open(hashfile, 'r', encoding='utf-8') as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e57d82cc4d76c3d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/wrap/wrap.py:857
        with open(path, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1408ac9de374bd7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/wrap/wraptool.py:103
    with open(wrapfile, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb3566234a4f18a3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/packaging/createmsi.py:233
        with open(self.main_xml, 'w') as open_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad84dbdd065ce323 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/packaging/createmsi.py:236
        with open(self.main_xml) as open_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2f58229abc4a6de Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/packaging/createmsi.py:239
        with open(self.main_xml, 'w') as open_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96c0fb6af8f193f4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/packaging/createpkg.py:94
        with open(self.distribution_file, 'w') as open_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df4cedc638e58c1a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/packaging/mpackage.py:39
version_lines = pathlib.Path(relfile).read_text().split('\n')[:-1]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8117230535414f98 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/packaging/mpackage.py:56
    myenv = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b64accded08d4b02 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/packaging/mpackage.py:59
    pathlib.Path(relfile).write_text('\n'.join(version_lines) + '\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #12b92a47d89f0ebc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/run_cross_test.py:40
        data = json.loads(cf_path.read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ad7f50056ee4cd2c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_cross_test.py:43
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b183d5d71526748e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/run_format_tests.py:19
    lines = file.read_bytes().split(b'\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22a5ff2438ba551b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:62
        self.orig_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1327ed40843fba0 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:64
        os.environ['MESON_COMMAND_TESTS'] = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #870b59148b7a98b0 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:75
        os.environ.clear()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fbf13a9b9e43008d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:76
        os.environ.update(self.orig_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0791c2ad0005f150 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:133
        os.environ['PATH'] = str(bindir) + os.pathsep + os.environ['PATH']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb49b2545d20a276 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:151
        os.environ['PYTHONPATH'] = os.path.join(str(pylibdir), '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9e3f2de68e48b91 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:152
        os.environ['PATH'] = str(bindir) + os.pathsep + os.environ['PATH']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cae6da2faf83c5d5 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:163
            os.environ['PYTHONPATH'] = os.pathsep.join(PYTHONPATHS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91e0a011fc3029d3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:196
        wrapper.write_text('#!/bin/sh\n\nmeson.real "$@"', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d86b784e62cca353 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:219
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #844f79da8fb7153c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:221
        with open(script_file, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac72b08b7a9c2b43 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:275
        self.env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aaabde560ca64e5c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:307
print_debug = 'MESON_PRINT_TEST_OUTPUT' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4941c1d139883d83 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:308
under_ci = 'CI' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c8764c09598128e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:309
raw_ci_jobname = os.environ.get('MESON_CI_JOBNAME', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6261fa5cbd6d6520 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:817
            if skip_env_var in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3e7c77cfd8259e9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:828
        test_def = json.loads(test_def_file.read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c7f3fffd0d29b4c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:1057
    sanity_file.write_text('fn main() {\n}\n', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f8983dcb10c1332 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:1103
    skip_cmake = ((os.environ.get('compiler') == 'msvc2015' and under_ci) or

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b05156ed5ec64664 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:1130
        TestCategory('vala', 'vala', backend is not Backend.ninja or not shutil.which(os.environ.get('VALAC', 'valac'))),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa2a3e73e06d5419 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:1168
    with open(txtname, 'w', encoding='utf-8', errors='ignore') as lf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5aab5cebb4ff6383 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:1683
    if 'VSCMD_VER' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01fb54506cd9ec1d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:1684
        print('VSCMD version', os.environ['VSCMD_VER'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #038abeea2e8e8e45 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:50
    NINJA_1_12_OR_NEWER = bool(int(os.environ['NINJA_1_12_OR_NEWER']))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56a62e6489a67237 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:51
    NINJA_CMD = [os.environ['NINJA']]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e37d49aa6e258ac Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:61
    os.environ['NINJA_1_12_OR_NEWER'] = str(int(NINJA_1_12_OR_NEWER))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7cf8c358b93e0443 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:62
    os.environ['NINJA'] = NINJA_CMD[0]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac60782b3f6ca9a2 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:70
os.environ['PYTHONWARNDEFAULTENCODING'] = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11c30a039a339874 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:72
os.environ['MESON_RUNNING_IN_PROJECT_TESTS'] = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c9c5ffe2bded635 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:116
    if not os.environ.get('MKLROOT', '').strip():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bed32f1d21e290c5 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:118
    if (os.environ.get('CC') == 'icl' or

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #177750f0450b6fe2 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:119
            os.environ.get('CXX') == 'icl' or

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa430d30ffaaaebf Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:120
            os.environ.get('FC') == 'ifort'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b64da30d27d6a13b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:129
                 'Please try using the Intel shell.'.format(os.environ.get('MKLROOT')))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61a1031c2e3bd7ba Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:171
if 'MESON_EXE' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5bed17be5f9e2baf Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:172
    meson_exe = mesonlib.split_args(os.environ['MESON_EXE'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0cf2dbdf13628cb4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:231
            with open(f, encoding='utf-8') as o:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f7c211ff8eea9a6 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:299
    with mock.patch.dict(os.environ, env or {}), mock.patch.object(sys, 'stdout', stdout), mock.patch.object(sys, 'stderr', stderr):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f7555b0774ce2e4 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:350
    if not mesonlib.is_windows() and not mesonlib.is_haiku() and 'CI' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c2dcaf528e56f4a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:364
    if 'APPVEYOR' in os.environ and os.environ['arch'] == 'x86':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6677b669dccd9093 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:365
        os.environ.pop('platform')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92ae943d70fbfb18 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:368
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9341fe4e8a6021ec Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_unittests.py:69
    os.environ['MESON_UNIT_TEST_BACKEND'] = be

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b8dab5ebaab68f5 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_unittests.py:113
        if 'CI' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff22c927a554b026 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/skip_ci.py:13
    if is_pr_env not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9c1aea3b7f6404c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/skip_ci.py:16
    elif os.environ[is_pr_env] == 'false':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9fa525043c17571a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/skip_ci.py:22
    if base_env not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c7af7b50d06037f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/skip_ci.py:25
    return os.environ[base_env]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3fc7d8b3eddf6dca Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/cmake/11 cmake_module_path/subprojects/cmMod/gen.py:1
with open('main.c', 'w') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80ed25933ff2776c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/100 postconf with args/postconf.py:12
input_file = os.path.join(os.environ['MESON_SOURCE_ROOT'], 'raw.dat')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c593182965e9002d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/100 postconf with args/postconf.py:13
output_file = os.path.join(os.environ['MESON_BUILD_ROOT'], 'generated.h')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c396b6d25fa7210 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/100 postconf with args/postconf.py:15
with open(input_file, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #486a6666237b9482 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/100 postconf with args/postconf.py:17
with open(output_file, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a66dda668aeb731d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/105 generatorcustom/catter.py:8
with open(output, 'w') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #009234fc991d0767 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/105 generatorcustom/catter.py:11
        with open(i) as ifile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c71d040ff671a4a3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/105 generatorcustom/gen-resx.py:8
with open(ofile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39ef2f9076b606fc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/105 generatorcustom/gen.py:8
with open(ifile) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ab70e417607fa1a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/105 generatorcustom/gen.py:12
with open(ofile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8daf95dae6f0b348 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/109 custom target capture/my_compiler.py:9
    with open(sys.argv[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e024632e45952c3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/110 allgenerate/converter.py:8
open(ofile, 'w').write(open(ifile).read())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf7b0b3997505a22 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/123 custom target directory install/docgen.py:14
    with open(os.path.join(out, name + '.html'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1cb0de34b0a4b7d8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/125 configure file in generator/src/gen.py:8
with open(ifile) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #480a3458b425b8e4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/125 configure file in generator/src/gen.py:12
with open(ofile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2deb1e41ce74001f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/128 build by default targets in tests/write_file.py:5
with open(sys.argv[1], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #888ebcb1f54f265f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/129 build by default/mygen.py:5
ifile = open(sys.argv[1])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f29f6bde4d5069e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/129 build by default/mygen.py:6
ofile = open(sys.argv[2], 'w')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #afbba7bbcef37ba7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/13 pch/generated/gen_custom.py:4
with open(sys.argv[1], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a2b89ff35948290 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/13 pch/generated/gen_generator.py:4
with open(sys.argv[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3037e41b69a34581 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/13 pch/generated/gen_generator.py:6
with open(sys.argv[2], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5d8c15e06890512 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/139 mesonintrospect from scripts/check_env.py:12
if 'MESONINTROSPECT' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dee350ce81d3e3a8 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/139 mesonintrospect from scripts/check_env.py:15
mesonintrospect = os.environ['MESONINTROSPECT']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2f8e510012d7074 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/139 mesonintrospect from scripts/check_introspection.py:8
if 'MESONINTROSPECT' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3473434320435b7e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/139 mesonintrospect from scripts/check_introspection.py:10
if 'MESON_BUILD_ROOT' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #672a83c371984477 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/139 mesonintrospect from scripts/check_introspection.py:13
mesonintrospect = os.environ['MESONINTROSPECT']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d2e0e0d9d15b9138 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/139 mesonintrospect from scripts/check_introspection.py:16
buildroot = os.environ['MESON_BUILD_ROOT']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a8f1e90955ecf97 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/14 configure file/file_contains.py:14
    with open(args.file[0], encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #034753d13c688c0d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/14 configure file/generator-deps.py:9
build_dir = Path(os.environ['MESON_BUILD_ROOT'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f13fed8c62031d5c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/14 configure file/generator-deps.py:10
subdir = Path(os.environ['MESON_SUBDIR'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9de96b181afb00c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/14 configure file/generator-without-input-file.py:9
build_dir = Path(os.environ['MESON_BUILD_ROOT'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38faa5922c8272b2 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/14 configure file/generator-without-input-file.py:10
subdir = Path(os.environ['MESON_SUBDIR'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34fbc8b5c60565e4 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/14 configure file/generator.py:9
build_dir = Path(os.environ['MESON_BUILD_ROOT'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2f4dd781f06b47b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/14 configure file/generator.py:10
subdir = Path(os.environ['MESON_SUBDIR'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d6884a52989c689 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/140 custom target multiple outputs/generator.py:11
with open(os.path.join(odir, name + '.h'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a7682b6de0e10bac Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/140 custom target multiple outputs/generator.py:13
with open(os.path.join(odir, name + '.sh'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #535a473490257ef5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/141 special characters/check_quoting.py:27
    with open(output, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a842a6755452838 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/144 link depends custom target/make_file.py:4
with open(sys.argv[1], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d319a869e0f9e62 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/152 index customtarget/gen_sources.py:30
    with open(args.header, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f36e9e7f42e3c26 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/152 index customtarget/gen_sources.py:33
    with open(args.code, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c5331bc74ed3819 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/168 preserve gendir/genprog.py:41
    proto_name = open(ifile_name).readline().strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c011db55abded09e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/168 preserve gendir/genprog.py:45
    open(h_out, 'w').write(h_templ % (proto_name))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2efcd7debfc29e7a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/168 preserve gendir/genprog.py:46
    open(c_out, 'w').write(c_templ % (proto_name, proto_name))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be3352321a32c402 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/169 source in dep/generated/genheader.py:15
funname = open(ifile).readline().strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62f2a54264466a2d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/169 source in dep/generated/genheader.py:17
open(ofile, 'w').write(templ % funname)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24db8d8c89ef298b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/170 generator link whole/generator.py:14
    with open(hname, 'w') as hfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7950e3b3e5bfa80c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/170 generator link whole/generator.py:20
    with open(cname, 'w') as cfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d3054ac42d39e62 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/178 bothlibraries/dummy.py:7
    Path(sys.argv[1]).write_text('Hello World\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed8a2806383da246 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/179 escape and unicode/file.py:6
with open(sys.argv[1]) as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5829ca665ea78bf4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/179 escape and unicode/file.py:9
with open(os.path.join(sys.argv[3]), 'w', errors='replace') as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7270bd213f095b25 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/182 find override/subdir/converter.py:13
d = pathlib.Path(ifilename).read_text().split('\n')[0].strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb2b5670a5e8b1bf Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/182 find override/subdir/converter.py:15
pathlib.Path(ofilename).write_text(ftempl % d)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f816e3b81035d54f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/186 test depends/gen.py:7
    with open(sys.argv[1], 'w') as out:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e52b53a260a9f21 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/195 generator in subdir/com/mesonbuild/tooldir/genprog.py:41
    proto_name = open(ifile_name).readline().strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14b8affc5a072b58 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/195 generator in subdir/com/mesonbuild/tooldir/genprog.py:45
    open(h_out, 'w').write(h_templ % (proto_name))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d5cf56b3622c3bf8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/195 generator in subdir/com/mesonbuild/tooldir/genprog.py:46
    open(c_out, 'w').write(c_templ % (proto_name, proto_name))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fdb5b5161161961d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/202 custom target build by default/docgen.py:11
    with open(os.path.join(out, name + '.txt'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #314664807a407e46 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/208 link custom/custom_stlib.py:73
    c_file.write_text(contents)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #682192559c03cf8f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/209 link custom_i single from multiple/generate_conflicting_stlibs.py:70
        c_file.write_text(content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e208f31322239d5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/210 link custom_i multiple from multiple/generate_stlibs.py:72
        c_file.write_text(content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c586e2de952f955d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/216 custom target input extracted objects/check_object.py:16
    with open(sys.argv[2], 'wb') as out:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf29e1a417f11541 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/216 custom target input extracted objects/libdir/gen.py:3
with open(sys.argv[1], 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86e579a5867b5349 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/22 object extraction/check-obj.py:12
    with open('compile_commands.json') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f14178f6ff69018 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/226 link depends indexed custom target/check_arch.py:12
with open(dummy_output, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a4ab015268e1073 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/226 link depends indexed custom target/make_file.py:4
with open(sys.argv[1], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df132b2da673ee4f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/226 link depends indexed custom target/make_file.py:7
with open(sys.argv[2], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c403ea54fd866efb Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/227 very long command line/codegen.py:6
Path(sys.argv[2]).write_text(
    'int func{n}(void) {{ return {n}; }}'.format(n=sys.argv[1]))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d651c448469c74f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/228 custom_target source/x.py:2
with open('x.c', 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ec5a4900effac0f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/228 custom_target source/x.py:4
with open('y', 'w'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7c4998cc429cd7c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/242 custom target feed/my_compiler.py:13
    with open(sys.argv[1], 'w+') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c0a820c13f59a3f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/262 generator chain/stage1.py:5
assert(Path(sys.argv[1]).read_text() == 'stage1\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1a5bd1aa17bba76 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/262 generator chain/stage1.py:6
Path(sys.argv[2]).write_text('stage2\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f31bbde80d3b16a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/262 generator chain/stage2.py:5
assert(Path(sys.argv[1]).read_text() == 'stage2\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab4ae23d61a31cf9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/262 generator chain/stage2.py:6
Path(sys.argv[2]).write_text('int main(void){}\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c31629f04085e6b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/269 configure file output format/compare.py:3
with open(sys.argv[1], 'r', encoding='utf-8') as f, open(sys.argv[2], 'r', encoding='utf-8') as g:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f055a7ab23c2d71 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/271 env in generator.process/generate_main.py:5
ENV_VAR_VALUE = os.environ.get('ENV_VAR_VALUE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a7adb7f800042bc3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/271 env in generator.process/generate_main.py:8
with open(sys.argv[1], 'r') as infile, \

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #223205d1ac29ab0d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/271 env in generator.process/generate_main.py:9
     open(sys.argv[2], 'w') as outfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #669bab07aca13705 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/274 customtarget exe for test/generate.py:12
    with open(a, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd1b325e1de22e6a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/275 environment/testenv.py:9
if os.environ.get(key) == expected:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c784d17e68f9a0c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/275 environment/testenv.py:12
sys.exit(f'Expected {expected!r}, was {os.environ.get(key)!r}')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72fdec02dcc1c7df Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/33 run program/check-env.py:5
assert os.environ['MY_PATH'] == os.pathsep.join(['0', '1', '2'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b11b0fdfb4352af5 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/41 test args/tester.py:6
assert os.environ['MESONTESTING'] == 'picklerror'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #261087e7b00e0512 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/41 test args/tester.py:7
assert os.environ['TEST_LIST_FLATTENING'] == '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cbdd6c11ddd42dc4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/41 test args/tester.py:9
with open(sys.argv[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5517d2f58570e1e6 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/49 custom target/depfile/dep.py:12
with open(output, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24fc438fe88b2b3a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/49 custom target/depfile/dep.py:14
with open(depfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a2a9b31110e3b07 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/49 custom target/my_compiler.py:11
    assert os.environ['MY_COMPILER_ENV'] == 'value'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #216804bb1292dbdc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/49 custom target/my_compiler.py:16
    with open(args[1].split('=')[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6fc6d967e73625e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/49 custom target/my_compiler.py:21
    with open(args[2].split('=')[1], 'w') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #afcb2f2580fe14b7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/50 custom target chain/my_compiler.py:9
    with open(sys.argv[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d6f6bea1e8059b5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/50 custom target chain/my_compiler.py:14
    with open(sys.argv[2], 'w') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f3c40e99506c998 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/50 custom target chain/my_compiler2.py:9
    with open(sys.argv[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #99d8e322c96c1f89 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/50 custom target chain/my_compiler2.py:14
    with open(sys.argv[2], 'w') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #15474249723f3490 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/50 custom target chain/usetarget/subcomp.py:5
with open(sys.argv[1], 'rb') as ifile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3256ae39f2fd5be5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/50 custom target chain/usetarget/subcomp.py:6
    with open(sys.argv[2], 'w') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8ac878128ad9e21 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/check-env.py:6
assert 'MESON_SOURCE_ROOT' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #783acb7eaaf17320 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/check-env.py:7
assert 'MESON_BUILD_ROOT' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e70aee9985d845b1 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/check-env.py:8
assert 'MESON_SUBDIR' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71d569b54e8afcb4 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/check-env.py:9
assert 'MESONINTROSPECT' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e9cbbf7f5a45993 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/check-env.py:10
assert 'MY_ENV' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a0b80197284d7f1 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/check-env.py:15
env_source_root = Path(os.environ['MESON_SOURCE_ROOT']).resolve()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a04dec39e944a8c5 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/check-env.py:16
env_build_root = Path(os.environ['MESON_BUILD_ROOT']).resolve()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8529faa53e420729 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/check-env.py:17
env_current_source_dir = Path(env_source_root, os.environ['MESON_SUBDIR']).resolve()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7cbb8466acb80e68 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/converter.py:5
with open(sys.argv[1], 'rb') as ifile, open(sys.argv[2], 'wb') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b03a541130c558ba Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/fakeburner.py:9
    with open(filename, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ab9f0d8449df974 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/53 install script/customtarget.py:12
    with open(os.path.join(args.dirname, '1.txt'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2ab53b62a5a9730 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/53 install script/customtarget.py:14
    with open(os.path.join(args.dirname, '2.txt'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3f535ba7c2aa7a2 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/53 install script/myinstall.py:7
prefix = os.environ['MESON_INSTALL_DESTDIR_PREFIX']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1486f561fefabc0c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/53 install script/myinstall.py:8
dry_run = bool(os.environ.get('MESON_INSTALL_DRY_RUN'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94f518f7b7ccac6c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/53 install script/myinstall.py:30
                with open(os.path.join(dirname, name), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dff0e8333ed0ed9c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/53 install script/src/myinstall.py:6
prefix = os.environ['MESON_INSTALL_DESTDIR_PREFIX']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2390b3f101802417 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/53 install script/src/myinstall.py:13
with open(os.path.join(dirname, sys.argv[2] + '.in'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #670c4db82c05c879 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/54 custom target source output/generator.py:10
with open(os.path.join(odir, 'mylib.h'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a1cc9e21af4438f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/54 custom target source output/generator.py:12
with open(os.path.join(odir, 'mylib.c'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c1e1454bf6fc0c9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/57 custom header generator/makeheader.py:9
with open(sys.argv[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #302f655eb2801ed9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/57 custom header generator/makeheader.py:11
with open(sys.argv[2], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3cf56249b19e8001 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/58 multiple generators/mygen.py:9
with open(sys.argv[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fdab77a0c83fe7d9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/58 multiple generators/mygen.py:16
with open(outhdr, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90cbf1cf4019525d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/58 multiple generators/mygen.py:18
with open(outsrc, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bdeaeb72ab2c4305 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/65 build always/version_gen.py:13
    with open(infile) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13cd6d1e5c53c17e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/65 build always/version_gen.py:16
        with open(outfile) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #484ce8a2d8cfab05 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/65 build always/version_gen.py:22
    with open(outfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b50059cf38ba7657 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/69 configure file in custom target/src/mycompiler.py:5
with open(sys.argv[1]) as ifile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cabcfbdba6389af6 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/69 configure file in custom target/src/mycompiler.py:8
with open(sys.argv[2], 'w') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42cff5b389c1d73f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/71 ctarget dependency/gen1.py:9
with open(sys.argv[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a431b5daf69c59d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/71 ctarget dependency/gen1.py:11
with open(sys.argv[2], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6682e52204caa25 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/71 ctarget dependency/gen2.py:9
with open(files[0]) as ifile, open(sys.argv[2], 'w') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f45cde9d1867a3f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/8 install/gendir.py:8
open(fname, 'w').close()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c28f6442e6d1c25b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/86 private include/stlib/compiler.py:29
with open(cfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1935a10878ea1d04 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/86 private include/stlib/compiler.py:31
with open(hfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #99d3923ad4f2dddf Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/88 dep fallback/subprojects/boblib/genbob.py:5
with open(sys.argv[1], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed2514a16f5f3017 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/90 gen extra/srcgen.py:21
with open(options.input) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9908d2675f2f4ae Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/90 gen extra/srcgen.py:26
with open(options.output, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65a3659ed7396430 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/90 gen extra/srcgen2.py:17
with open(options.input) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f117be0dd0d3fd2c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/90 gen extra/srcgen2.py:22
with open(output_c, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7c36d868c628bd0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/90 gen extra/srcgen2.py:31
with open(output_h, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67e2cbf6ba789740 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/90 gen extra/srcgen3.py:12
with open(options.input) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a4294ad9ea967f0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/92 test workdir/subdir/checker.py:5
data = open(sys.argv[1], 'rb').read()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #126ecdb1e1f6f4ad Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/95 manygen/subdir/manygen.py:10
with open(sys.argv[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31123e30f1677888 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/95 manygen/subdir/manygen.py:43
with open(outc, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d5e6b60316845e3a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/95 manygen/subdir/manygen.py:50
with open(outh, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5564e89e13ff4e9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/95 manygen/subdir/manygen.py:57
with open(tmpc, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c27c6bfe53ba4c5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/95 manygen/subdir/manygen.py:68
with open(tmpc, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #efd2bea44a1aa251 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/99 postconf/postconf.py:10
input_file = os.path.join(os.environ['MESON_SOURCE_ROOT'], 'raw.dat')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a4083b6eb571e88 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/99 postconf/postconf.py:11
output_file = os.path.join(os.environ['MESON_BUILD_ROOT'], 'generated.h')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a81f43984c9abc1b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/99 postconf/postconf.py:13
with open(input_file, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d19818e1ead4543b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/99 postconf/postconf.py:15
with open(output_file, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f909f252de4e0271 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/cython/2 generated sources/gen.py:10
with open(args.output, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a34208253f99c413 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/cython/2 generated sources/generator.py:11
with open(args.input) as i, open(args.output, 'w') as o:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4dfbc040d9526674 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/cython/2 generated sources/libdir/gen.py:10
with open(args.output, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76fce0ec159a3081 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/failing/40 custom target plainname many inputs/catfiles.py:6
with open(out, 'wb') as o:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7650ddcb4c7a8a34 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/failing/40 custom target plainname many inputs/catfiles.py:8
        with open(infile, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8e417070b0ab873 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/failing/41 custom target outputs not matching install_dirs/generator.py:11
with open(os.path.join(odir, name + '.h'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a7db7bcd84df337 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/failing/41 custom target outputs not matching install_dirs/generator.py:13
with open(os.path.join(odir, name + '.c'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35a044af1649eddc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/failing/41 custom target outputs not matching install_dirs/generator.py:15
with open(os.path.join(odir, name + '.sh'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb969c318e815707 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/failing/89 custom target install data/preproc.py:11
with open(outf, 'wb') as o:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4e65aa4862802a7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/failing/89 custom target install data/preproc.py:12
    with open(inf, 'rb') as i:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed4fbd519fd9d616 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/format/5 transform/file_compare.py:16
    with open(args.actual, 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bafcb1feb6d8935a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/format/5 transform/file_compare.py:18
    with open(args.expected, 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a30cfd97bc3f7397 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/fortran/7 generated/gen.py:36
    with open(args.input, 'r', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3764efccdbbd26e7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/fortran/7 generated/gen.py:41
    with open(args.output, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #281bff61f84a641b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/frameworks/10 gtk-doc/include/generate-enums-docbook.py:52
        with open(sys.argv[1], 'w') as doc_out:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f43e9dce68b5aea4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/frameworks/4 qt/subfolder/generator.py:5
    with open(sys.argv[1], "w") as output:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #adcda7a933f8a522 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/frameworks/6 gettext/data3/verify.py:12
with open(fname, 'r', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a0b53578768ea6b7 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/osx/2 library versions/require_pkgconfig.py:6
if 'CI' in os.environ or shutil.which('pkg-config'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86b9ad85bf21866f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/python/4 custom target depends extmodule/blaster.py:25
    with open(options.output, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #893e033a48a6972d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/python3/4 custom target depends extmodule/blaster.py:26
    with open(options.output, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd0671ef575391ad Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/rust/11 generated main/gen.py:12
    with open(args.out, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a43e101d67c97d5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/rust/19 structured sources/gen.py:12
    with open(args.output, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ace3853b157c3907 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/2 testsetups/envcheck.py:5
assert 'PATH' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0335bcde90855f4 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/26 install umask/myinstall.py:6
prefix = os.environ['MESON_INSTALL_DESTDIR_PREFIX']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7cba1df85aea6cf5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/26 install umask/myinstall.py:16
with open(os.path.join(dirname, sys.argv[2]), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9d512e6f9f8d7bf Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/35 dist script/replacer.py:10
source_root = pathlib.Path(os.environ['MESON_DIST_ROOT'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8121a27842e3809 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/35 dist script/replacer.py:14
contents = modfile.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5994b9258e2031a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/35 dist script/replacer.py:16
modfile.write_text(contents)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #734ed4b7950f869b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/35 dist script/subprojects/sub/dist-script.py:11
source_root = pathlib.Path(os.environ['MESON_PROJECT_DIST_ROOT'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43caf5767bc78521 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/35 dist script/subprojects/sub/dist-script.py:12
mesonrewrite = shlex.split(os.environ['MESONREWRITE'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f6ceb798f2b5438e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/45 native dep pkgconfig var/cross_pkgconfig.py:7
environ = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #99969e175e918b25 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/48 testsetup default/envcheck.py:5
assert 'ENV_A' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d33d55af336a488 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/48 testsetup default/envcheck.py:6
assert 'ENV_B' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4c053ca9e35e7d7 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/48 testsetup default/envcheck.py:7
assert 'ENV_C' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da103bdaf14d48c7 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/48 testsetup default/envcheck.py:9
print('ENV_A is', os.environ['ENV_A'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85691d36d0a6bee9 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/48 testsetup default/envcheck.py:10
print('ENV_B is', os.environ['ENV_B'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07f5320f71c3ef9f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/48 testsetup default/envcheck.py:11
print('ENV_C is', os.environ['ENV_C'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c0fda68dfde7173 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/67 test env value/test.py:6
assert os.environ['TEST_VAR'] == sys.argv[1]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f15ecb5022d54d53 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/70 cross test passed/exewrapper.py:15
    defined = 'MESON_EXE_WRAPPER' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6b7e723f54bc231 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/70 cross test passed/exewrapper.py:18
        print(os.environ, file=sys.stderr)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #384d3773df5c2969 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/90 devenv/test-devenv.py:5
assert os.environ['MESON_DEVENV'] == '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2087a8ebd2e847be Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/90 devenv/test-devenv.py:6
assert os.environ['MESON_PROJECT_NAME'] == 'devenv'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5acbcf87b2c0c3a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/90 devenv/test-devenv.py:7
assert os.environ['TEST_A'] == '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ad4402a9d571478 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/90 devenv/test-devenv.py:8
assert os.environ['TEST_B'] == '0+1+2+3+4'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3b0b90d0cbe1bfc Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/90 devenv/test-devenv.py:9
assert os.environ['TEST_C'] == os.pathsep.join(['/prefix', '/suffix'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a1c4fa7c562f3da Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/94 custominc/easytogrepfor/genh.py:5
f = open(sys.argv[1], 'w')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a37b8b1c79d0c49 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/98 install all targets/script.py:6
  with open(f, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1cd93faba514c56d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/98 install all targets/subdir/script.py:6
  with open(f, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f39fabd27016efe6 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/vala/10 mixed sources/c/writec.py:11
with open(sys.argv[1], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7162dc4e52cf89ce Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/vala/8 generated sources/src/write_wrapper.py:11
with open(sys.argv[1], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d4d4a2f3c42ede0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/windows/10 vs module defs generated custom target/subdir/make_def.py:4
with open(sys.argv[1], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1d0f4f4069965ce Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/windows/12 resources with custom targets/res/gen-res.py:5
with open(sys.argv[1]) as infile, open(sys.argv[2], 'w') as outfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d449ee25e6291136 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/windows/14 resources with custom target depend_files/ico/gen-ico.py:5
with open(sys.argv[1], 'rb') as infile, open(sys.argv[2], 'wb') as outfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2915916df7006239 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/windows/16 gui app/gui_app_tester.py:8
    if 'CI' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #1454b1506bdd397c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/tools/ac_converter.py:362
with open(sys.argv[1], encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f02aad7cb40aeb31 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/tools/boost_names.py:69
    raw = jamroot.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #3c15f53bfec19a1b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/tools/boost_names.py:82
    raw = jamfile.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #cfc75591fab57508 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/tools/boost_names.py:176
    data = json.loads(meta_file.read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7bb53081ae358c48 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/tools/build_website.py:30
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #91cf3861b585e81f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/tools/dircondenser.py:46
    with open(sourcefile, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b95073af216758cc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/tools/dircondenser.py:50
    with open(sourcefile, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #cebd0c0c99bad98c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/tools/regenerate_docs.py:23
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d531d322b6748a1c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/tools/regenerate_docs.py:121
            with open(output_dir / (cmd+'_'+typ+'.inc'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #d0a12e08febe6f0f Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/vendored-meson/meson/tools/regenerate_docs.py:125
    url = urlopen('https://wrapdb.mesonbuild.com/v2/releases.json')

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #bba50978fc25d8b0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/tools/regenerate_docs.py:127
    with open(output_dir / 'wrapdb-table.md', 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #2f5632a02138dca5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/tools/regenerate_docs.py:160
        with open(output_dir/dummy_output_file, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41e01cf1414e415e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/__init__.py:12
        if v in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1227bfb0d3ec6480 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/__init__.py:13
            del os.environ[v]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16c01dd5b0a8cda2 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/__init__.py:16
    os.environ.setdefault('MESON_UNIT_TEST_BACKEND', 'ninja')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d02c7e965f22d400 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:134
                with open(fin, 'wb') as fobj:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0b8065fb1cafe2e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:138
                    with open(fout, 'rb') as fobj:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f1b17d01ff99f2a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:256
                with open(os.path.join(self.builddir, header), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4be324c072a194b7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:260
                with open(os.path.join(cmake_builddir, header), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1797cbb2b664529e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:540
        text_log = Path(self.logdir, 'testlog.txt').read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed051c9569405f2b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:542
        json_log = json.loads(Path(self.logdir, 'testlog.json').read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8c8bdd3e324e766 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:740
        with open(os.path.join(self.logdir, 'testlog.txt'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa7809b1e2458f48 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:759
        with open(os.path.join(self.logdir, 'testlog.txt'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5075f8fefc0d5ccb Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:801
        with open(os.path.join(self.logdir, 'testlog.txt'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4fc4558472b3af2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:806
        with open(os.path.join(self.logdir, 'testlog-valgrind.txt'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6bc97f793dcc4c91 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:826
        with open(os.path.join(self.logdir, 'testlog-good.txt'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b70c47affbfd886 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:831
        with open(os.path.join(self.logdir, 'testlog-good.txt'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80594c074ea1f2e7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:867
        with open(os.path.join(self.logdir, 'testlog.txt'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f1de0ceba8bff87 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:872
        with open(os.path.join(self.logdir, 'testlog-mydefault.txt'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7654151e1b0088f1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:877
        with open(os.path.join(self.logdir, 'testlog-other.txt'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf32d75081779a19 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1056
        if mesonbuild.environment.detect_msys2_arch() and ('MESON_RSP_THRESHOLD' in os.environ):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #532475a7ec297c63 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1121
    @mock.patch.dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8bc90590d1faad5 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1142
            if evar in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f28b2baf88c6c207 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1155
                        evalue = os.environ.pop(evar)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a298f489eda2a047 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1236
                    if 'arch' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0b2a3b911d7f6ae Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1237
                        if os.environ['arch'] == 'x64':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86474c1768c59e84 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1248
                os.environ[evar] = ' '.join(quote_arg(w) for w in wrappercc)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6cde9ecc935d9c5c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1252
                os.environ['AR'] = ' '.join(quote_arg(w) for w in wrapperlinker)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e364805b92bed71 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1267
                del os.environ['AR']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e143b50e3cda540 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1343
        with open(build_ninja, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #355333772437ccf9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1574
            with open(os.path.join(project_dir, '.hg', 'hgrc'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ecfbdfc33c7a9b0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1615
        with open(os.path.join(path, 'meson.build'), 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c994c9fbc18c503 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1623
            with open(os.path.join(project_dir, 'meson.build'), 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de2a995930a22bc3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1633
            with open(distexe_c, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7839a5373d7d7a9f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1971
                with open(os.path.join(d, 'alexandria.pc'), 'w',
                          encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f15a1a7299c2653 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2013
                with open(os.path.join(d, 'alexandriaConfig.cmake'), 'w',
                        encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e72dae11f5263f4 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2142
    @mock.patch.dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9635ee63de975ada Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2150
        os.environ['PKG_CONFIG_LIBDIR'] = self.privatedir

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #720e5353b76546fb Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2174
            with open(os.path.join(self.privatedir, name), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0063b4ae22be91d2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2542
                            with open(os.path.join(tmpdir, 'foo.' + lang), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49e5acc74761bdfb Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2549
                            with open(os.path.join(tmpdir, 'bar.' + lang), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #283b7ace33160c4f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2560
                            with open(os.path.join(tmpdir, 'Foo.' + lang), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02d0c50eaf8c6576 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2567
                            with open(os.path.join(tmpdir, 'Bar.' + lang), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #274843cdfbb23cb7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2984
        with open(os.path.join(self.builddir, 'nosubst-nocopy1.txt'), 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c21355a58dfc170d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2986
        with open(os.path.join(self.builddir, 'nosubst-nocopy2.txt'), 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20be6eb66ada111b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2993
                of = open(mfile, 'w', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #648d5fc7309b29c9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3089
        with open(filename, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f0339b7bd9961b4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3092
        with open(filename, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #606fc1b9b3349c47 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3117
        open(filename, 'w', encoding='utf-8').close()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #06b8590f08d46b0b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3272
            self.assertNotEqual(Path(testfile).read_text(encoding='utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a53d9f41c4dc1f35 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3273
                                Path(goodfile).read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44730fb5bc81d6d0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3274
            self.assertNotEqual(Path(testheader).read_text(encoding='utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f47b66823b6ae6f3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3275
                                Path(goodheader).read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #583623c7fead860a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3279
            self.assertNotEqual(Path(testfile).read_text(encoding='utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76333eb0a5177429 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3280
                                Path(goodfile).read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60f03a6d63933585 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3281
            self.assertNotEqual(Path(testheader).read_text(encoding='utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec4a59d936c1eccd Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3282
                                Path(goodheader).read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f57abe89844c9b76 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3285
            with open(includefile, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0c5a6a0927bcde0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3288
            self.assertEqual(Path(testheader).read_text(encoding='utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8da188956e4d8ab Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3289
                             Path(goodheader).read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #266956929c60120d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3335
        self.assertNotEqual(Path(testfile).read_text(encoding='utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fcdefef8ad106ef8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3336
                            Path(fixedfile).read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80ea617bb93729d2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3341
        self.assertEqual(Path(testfile).read_text(encoding='utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5c6f3122ce5d420 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3342
                         Path(fixedfile).read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42a24c1467660f0c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3393
        with open(os.path.join(infodir, 'intro-targets.json'), encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #579fc68a3d90464f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3527
            with open(curr, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ce2ade67200cbda Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3665
            with open(curr, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2eb1c45a7c453565 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3675
        with open(introfile, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed54a2ac42ced66a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3690
        with open(introfile, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76b50e6db69e1080 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3708
        with open(introfile, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ca6c4b7ffbdfd7b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3719
        with open(introfile, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b06cf587a8e578b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4125
        with open(build_ninja, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e16e1a5dbe97b3a1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4142
        with open(doc_path, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b8470b2e8f5d8e0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4345
            with open(os.path.join(srcdir, 'subprojects', 'wrap_git.wrap'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11ba574ee2ae8b07 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4362
            with open(os.path.join(srcdir, 'subprojects', 'wrap_git.wrap'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df906e15c9fc3a17 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4399
        with open(machinefile, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f559258ac79f76a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4428
        with open(redirect_wrap, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #907c67c6fe846be0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4437
        with open(redirect_wrap, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f33723b9393b0ca Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4446
        with open(redirect_wrap, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85af2c92f29db3ea Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4455
        with open(redirect_wrap, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bbdb0bcda661971d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4460
        with open(real_wrap, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1091db9d9831404 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4587
        o = Path(fname).read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a2ceb2c014517d4 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4650
        with mock.patch.dict(os.environ, {'CFLAGS': '-DCFLAG', 'LDFLAGS': '-flto'}):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8d219257303c599 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4848
        with open(introfile, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c9c35cb10942d3e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:5181
        with open(gen_file, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e57c28be190998f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:5189
        with open(gen_file, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #037babca63eef42a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:5266
        olddata = filename.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90f260fa34f01219 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:5271
            newdata = filename.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ece95fd2e1ce6b97 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:5280
            newdata = filename.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f60b800377417fc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:5428
        with open(os.path.join(testdir, 'mod1.f90'), 'a', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bfd401b28ac45961 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:5438
        with open(os.path.join(testdir, 'test.f90'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38568a8f2342e803 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/baseplatformtests.py:56
        cls.backend_name = os.environ.get('MESON_UNIT_TEST_BACKEND', 'ninja')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #116ecc6508de394f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/baseplatformtests.py:91
        cls.env_patch = mock.patch.dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #693f2c5e742d7ff3 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/baseplatformtests.py:94
        os.environ['COLUMNS'] = '80'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b62db3aa4d369166 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/baseplatformtests.py:95
        os.environ['PYTHONIOENCODING'] = 'utf8'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #27e829ba804c5c8d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/baseplatformtests.py:131
        return open(log, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43986f65a4872a58 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/baseplatformtests.py:157
            env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd2ed13a9e86807b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/baseplatformtests.py:261
            with mock.patch.dict(os.environ, override_envvars):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68ec3ebf65586e50 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/baseplatformtests.py:311
            with open(os.path.join(self.builddir, 'compile_commands.json'), encoding='utf-8') as ifile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb56d00bb1eb3886 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/baseplatformtests.py:325
                with open(rsp, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf20a7a91b54a0bd Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/cargotests.py:184
            with open(os.path.join(tmpdir, 'Cargo.lock'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7557e1502c76baa Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/cargotests.py:296
            with open(fname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03af030592227c23 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/cargotests.py:310
            with open(fname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d2add435ee1799e1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/cargotests.py:347
            with open(fname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a0d9828521c3239 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/cargotests.py:364
            with open(fname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4e58baf614bfe79 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/cargotests.py:404
            with open(fname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #039e9e5cd2af5825 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/cargotests.py:440
            with open(fname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6241917a9de0176 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/cargotests.py:460
            with open(fname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b4be71f681f79b81 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/darwintests.py:59
        with open(build_ninja, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #889c0b7714162f3d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/darwintests.py:70
        with open(build_ninja, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4cb705920ab45c32 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:71
        with open('docs/markdown/Builtin-options.md', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #020f61a5fd0ab367 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:105
        with open('docs/markdown/Builtin-options.md', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a59c4003d1a345dc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:176
        with open("docs/markdown/Reference-tables.md", encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a1e4fc1ef74ca46 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:192
        with open("docs/sitemap.txt", encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee34facb1f7e7299 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:206
        with open("docs/theme/extra/templates/navbar_links.html", encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c691457b4844aeee Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:218
    @mock.patch.dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c4b882dca107310 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:228
        del os.environ['MESON_RUNNING_IN_PROJECT_TESTS']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #93a9da966017a797 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:231
        with open('data/syntax-highlighting/vim/syntax/meson.vim', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef3ca67dd96450e8 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:236
    @mock.patch.dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #edf5717c38e3656e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:246
        del os.environ['MESON_RUNNING_IN_PROJECT_TESTS']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69efe17fd97c659b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/failuretests.py:93
        with open(self.mbuild, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d15e5f35bd839658 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/failuretests.py:102
            with open(self.moptions, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c5f80f83591b1df Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/failuretests.py:119
        with open(self.mbuild, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7d93fe29c27725e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/helpers.py:33
    return os.environ.get('MESON_CI_JOBNAME', 'thirdparty') != 'thirdparty'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6650b818b2624945 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/helpers.py:123
            if key in os.environ and not is_ci():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #908c02a1a1878228 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/helpers.py:125
            with mock.patch.dict(os.environ):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5cd2e25494c37235 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/helpers.py:126
                os.environ.pop(key, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c0e983a097d1ec98 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/helpers.py:227
    if os.environ.get('MESON_CI_JOBNAME') == name:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7dd127f78a025d9d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/internaltests.py:554
                libpath.write_text('', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb484163e5d218e3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/internaltests.py:676
            script_path.write_text('import sys\nprint(sys.argv[1])\n', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e850191469f006a6 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/internaltests.py:835
        if 'VCToolsVersion' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5baf28c9e519ece3 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/internaltests.py:836
            vctools_ver = os.environ['VCToolsVersion']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #163611d6b26938af Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/internaltests.py:838
            self.assertIn('VCINSTALLDIR', os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b48c3f96d5f39bc0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/internaltests.py:840
            vctools_ver = (Path(os.environ['VCINSTALLDIR']) / 'Auxiliary' / 'Build' / 'Microsoft.VCToolsVersion.default.txt').read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b10f19ab15a2214 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/internaltests.py:840
            vctools_ver = (Path(os.environ['VCINSTALLDIR']) / 'Auxiliary' / 'Build' / 'Microsoft.VCToolsVersion.default.txt').read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b70f4982c5e2237c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/internaltests.py:1053
        with open('data/test.schema.json', 'r', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9766923b5ecd8d4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/internaltests.py:1064
                schema_validator(json.loads(p.read_text(encoding='utf-8')))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f87477216093b82d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:42
PKG_CONFIG = os.environ.get('PKG_CONFIG', 'pkg-config')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #820303c15ac05787 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:58
    pkgconf = os.environ.get('PKG_CONFIG_PATH')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #591ad0d440b142aa Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:141
    @mock.patch.dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a586ed87de21e8af Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:153
        os.environ['PKG_CONFIG_LIBDIR'] = self.privatedir

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c802f300168630d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:209
        with open(os.path.join(privatedir2, 'dependency-test.pc'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64ce6a78d0deb070 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:240
        with open(os.path.join(privatedir1, 'simple2.pc'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a45efc944db11bc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:245
        with open(os.path.join(privatedir1, 'simple3.pc'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #250d486ebdeb8efd Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:249
        with open(os.path.join(privatedir1, 'simple5.pc'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5708a9cdb8ce34ff Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:253
    @mock.patch.dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e250fccb18122170 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:259
        os.environ['PKG_CONFIG_LIBDIR'] = os.path.join(self.builddir, 'meson-uninstalled')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5a635e973a370f8 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:261
            os.environ['PATH'] += os.pathsep + self.builddir

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #653b54ba3194298e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:272
        with open(os.path.join(self.privatedir, 'somename.pc'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72fd41632c6816dd Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:809
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67e851af8f4f8c7a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:834
        with open(os.path.join(self.builddir, 'build.ninja'), encoding='utf-8') as ifile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e5fc33dde9a4aee Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1119
            myenv = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c92462883c55db7 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1130
            myenv = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #222100f4d8e91436 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1260
        myenv = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #875dc63b2220860d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1275
        myenv = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #501891639a83b983 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1288
        myenv = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2a88b33f1539b31 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1300
        with open(os.path.join(self.builddir, 'build.ninja'), encoding='utf-8') as bfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad24d2044880c20a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1319
        with open(os.path.join(self.builddir, 'build.ninja'), encoding='utf-8') as bfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3522581601f9fa73 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1332
        with open(os.path.join(self.builddir, 'build.ninja'), encoding='utf-8') as bfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c54deed0ec31dd51 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1418
        with open(os.path.join(self.builddir, 'build.ninja'), encoding='utf-8') as bfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #795603e3b68a81f5 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1483
                os.pathsep + os.environ['PATH']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19860b1d92388ced Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1533
        with open(build_ninja, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #440c875d744bcb93 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1542
        with open(build_ninja, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9be4b5e258bf62cb Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1641
            with mock.patch.dict(os.environ, {envvar: name}):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79e862c5a2f23d3d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1692
        with open(filename, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #36d6fc6374e18513 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1716
        with open(wrap_filename, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d6522f019e587074 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1744
            with open(os.path.join(d, 'meson.build'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1bc9c7163917f164 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1755
        with open(os.path.join(self.privatedir, 'bar1.pc'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e219576c0db6aee5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1758
        with open(os.path.join(self.privatedir, 'bar2.pc'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fcb57d7da8c6d5fe Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1766
        if 'clang' in os.environ.get('CC', 'dummy') and not is_osx():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71a247ffb04bfef5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1879
        with open(os.path.join(self.builddir, 'build.ninja'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea3d36b0f9e2023f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:80
        with open(filename, 'wt', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a2d0aec4b7da712 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:102
        with open(filename, 'wt', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e170f71fbea7860 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:140
        with open(batfile, 'wt', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91bda776007cfc2d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:174
                with open(fifo, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b48e5ac5cf677369 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:762
    @skipIf('MESON_EXE' in os.environ, 'MESON_EXE is defined, cannot use mocking.')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57b0bd644bba09ad Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:776
            with mock.patch.dict(os.environ, {'XDG_DATA_HOME': d}):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8fae36e573ad595d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:780
            with mock.patch.dict(os.environ, {'XDG_DATA_DIRS': d}):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d13a146ca66a77e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:781
                os.environ.pop('XDG_DATA_HOME', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a1ef9c28e30d6ee Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:795
            with mock.patch.dict(os.environ):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03d2e3730cb44cec Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:796
                os.environ.pop('XDG_DATA_HOME', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4fe2db313f3008bc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:809
        with open(filename, 'wt', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fafef2654d6f1993 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:909
                    del os.environ[k]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b47199aa7aec2fce Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:104
                with open(os.path.join(self.builddir, 'meson-info', 'intro-targets.json'), 'r', encoding='utf-8') as tgt_intro:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #57834a7c5b983f48 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:141
            with urllib.request.urlopen('https://wrapdb.mesonbuild.com') as p:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #a15f068bb5a1eee7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:174
        with open(os.path.join(testdir, 'test.json'), 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #484bf041fdd01a3a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:295
        with open(os.path.join(self.builddir, 'meson-logs', 'profile-startup-modules.json'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #749f1099c3a41c1d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:298
        with open(os.path.join(testdir, 'expected_mods.json'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d6fc8eeb11859b60 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:387
        with open(editorconfig, 'w', encoding='utf-8') as handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3904ab689ed17711 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:453
        with open(os.path.join(testdir, 'meson_options.txt'), 'a', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07dd874c862b9f61 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:462
        with open(os.path.join(testdir, 'meson_options.txt'), 'r', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c023614216a7ac0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:464
        with open(os.path.join(testdir, 'meson_options.txt'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #364d8b6e0810b1e2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:497
        with open(os.path.join(testdir, 'meson_options.txt'), 'r', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b724c480e2cc3ac9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:499
        with open(os.path.join(testdir, 'meson_options.txt'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ae4a466671776c5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:512
        with open(os.path.join(testdir, 'meson_options.txt'), 'r', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a9f9ef181a64f14 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:514
        with open(os.path.join(testdir, 'meson_options.txt'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29e7d5bda47e2933 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:537
        with open(os.path.join(testdir, 'meson.options'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16e16e040931c1ed Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:546
        with open(os.path.join(testdir, 'meson_options.txt'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #15632db5bdbe8e51 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:555
        with open(os.path.join(testdir, 'subprojects/subproject/meson_options.txt'), 'a', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f08055a5a32ca845 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/pythontests.py:44
            mesonfile.write_text('''project('test', 'c', version: '1')
pymod = import('python')
python = pymod.find_installation('python3', required: true)
''', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e88f504bd32b7b9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/rewritetests.py:465
        original_contents = meson_build_file.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8b70249376a860f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/rewritetests.py:511
        expected = Path(test_path / "expected_dag.txt").read_text().strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1dd7ad737bf09e3e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/subprojectscommandtests.py:35
        with open(str(path / 'meson.build'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1817ac802de143ad Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/subprojectscommandtests.py:97
        with open(str((self.subprojects_dir / name).with_suffix('.wrap')), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b4357fef4831211c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/subprojectscommandtests.py:112
        with open(str((self.subprojects_dir / name).with_suffix('.wrap')), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9257ab22b31baf7d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/subprojectscommandtests.py:260
        with open(str((self.subprojects_dir / 'redirect').with_suffix('.wrap')), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a9f163e60d0cf54 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:49
    @mock.patch.dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2b30a23e0d5b2a1 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:78
        os.environ['PATH'] += os.pathsep + testdir

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8d9cb79fd4ba916 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:80
        if '.PY' in [ext.upper() for ext in os.environ['PATHEXT'].split(';')]:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f49faaf94b470751 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:104
        path = os.environ['PATH']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba08a985ec343783 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:106
            username = os.environ['USERNAME']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f7a2c91956a1048 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:240
            current_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f90edd20e593a16b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:296
            with mock.patch.dict(os.environ, {envvar: name}):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b15ec6482f7afb4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:386
        with open(build_ninja, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a12a2e88cd2e123f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:438
        if 'VSCMD_VER' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3bc3ee04d7d9c9fc Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:440
        if version_compare(os.environ['VSCMD_VER'], '<16.10.0'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df8d3d94846365bd Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:466
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

openai

python dependency
expand_more 61 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #7fba2b0e1b372e6e Filesystem access.
pkgs/python/[email protected]/examples/image_stream.py:30
            with open(filename, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c20b08221658f03a Filesystem access.
pkgs/python/[email protected]/examples/image_stream.py:41
            with open(filename, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ae51c9d34a378ebb Environment-variable access.
pkgs/python/[email protected]/examples/realtime/azure_realtime.py:31
    endpoint = os.environ["AZURE_OPENAI_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #51bf6891a79448a7 Environment-variable access.
pkgs/python/[email protected]/examples/realtime/azure_realtime.py:37
    deployment_name = os.environ["AZURE_OPENAI_DEPLOYMENT_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #56d2156f67b2c5e5 Filesystem access.
pkgs/python/[email protected]/examples/uploads.py:30
    data = file.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2546961d9b87f2ff Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:153
api_type: _ApiType | None = _t.cast(_ApiType, _os.environ.get("OPENAI_API_TYPE"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd82befa3ad4f603 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:155
api_version: str | None = _os.environ.get("OPENAI_API_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #331e06eb94096e6f Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:157
azure_endpoint: str | None = _os.environ.get("AZURE_OPENAI_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b17d9a8b9e7841b Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:159
azure_ad_token: str | None = _os.environ.get("AZURE_OPENAI_AD_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bafd920aeb9accd0 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:292
    return _os.environ.get("OPENAI_API_KEY") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b67dd875fbf9623d Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:296
    return azure_endpoint is not None or _os.environ.get("AZURE_OPENAI_API_KEY") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #969e199beb682835 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:301
        _os.environ.get("AZURE_OPENAI_AD_TOKEN") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7da082fee1ac30d Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:317
            azure_endpoint = _os.environ.get("AZURE_OPENAI_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12e8cb6ccc8d4657 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:320
            azure_ad_token = _os.environ.get("AZURE_OPENAI_AD_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #578ca9f3a6628993 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:323
            api_version = _os.environ.get("OPENAI_API_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52bfed8b85207a42 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:333
            if (azure_ad_token is not None or azure_ad_token_provider is not None) and _os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ec542bc33dec312 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:333
            if (azure_ad_token is not None or azure_ad_token_provider is not None) and _os.environ.get(
                "AZURE_OPENAI_API_KEY"
            ) is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #0345b00bc56c6a8e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/openai/_base_client.py:309
        return await self._client.request(self._page_cls, self._options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #55dd348a8d3cefc4 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:156
                api_key = os.environ.get("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee8292c45c237fa9 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:170
            organization = os.environ.get("OPENAI_ORG_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c7d91595d270c24 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:174
            project = os.environ.get("OPENAI_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ecf4d654c37092ed Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:178
            webhook_secret = os.environ.get("OPENAI_WEBHOOK_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #172fa8a3cafd013b Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:184
            base_url = os.environ.get("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1928682b9049fca Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:585
                api_key = os.environ.get("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d5f3aee20d25f58 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:599
            organization = os.environ.get("OPENAI_ORG_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #671d52b2b2f9ea33 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:603
            project = os.environ.get("OPENAI_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5700f978937061fd Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:607
            webhook_secret = os.environ.get("OPENAI_WEBHOOK_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9feb69405a7df1bd Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:613
            base_url = os.environ.get("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19bc322690e42bf7 Filesystem access.
pkgs/python/[email protected]/src/openai/_files.py:67
            return (path.name, path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12eec13f22d738da Filesystem access.
pkgs/python/[email protected]/src/openai/_files.py:79
        return pathlib.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #655cee5c222942ac Filesystem access.
pkgs/python/[email protected]/src/openai/_files.py:109
            return (path.name, await path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #617813c44b43015d Filesystem access.
pkgs/python/[email protected]/src/openai/_files.py:121
        return await anyio.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2187f668879542cc Filesystem access.
pkgs/python/[email protected]/src/openai/_legacy_response.py:441
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #182a157a79c0ffa1 Filesystem access.
pkgs/python/[email protected]/src/openai/_legacy_response.py:454
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5beabf984288d384 Environment-variable access.
pkgs/python/[email protected]/src/openai/_models.py:119
            extra="allow", defer_build=coerce_boolean(os.environ.get("DEFER_PYDANTIC_BUILD", "true"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b6026ce6852f626 Filesystem access.
pkgs/python/[email protected]/src/openai/_response.py:513
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fcbd38b6de230e89 Filesystem access.
pkgs/python/[email protected]/src/openai/_response.py:555
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7312c2d9aa28deb0 Environment-variable access.
pkgs/python/[email protected]/src/openai/_utils/_logs.py:23
    env = os.environ.get("OPENAI_LOG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a911cf7ea61f3026 Filesystem access.
pkgs/python/[email protected]/src/openai/_utils/_transform.py:248
            binary = data.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1695af45e5700dab Filesystem access.
pkgs/python/[email protected]/src/openai/_utils/_transform.py:414
            binary = await anyio.Path(data).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6890bd0d9c2303f Filesystem access.
pkgs/python/[email protected]/src/openai/_utils/_utils.py:372
    contents = Path(path).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14a1e370a7be4fd6 Filesystem access.
pkgs/python/[email protected]/src/openai/auth/_workload.py:61
            with open(token_file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #d6111c1254b92119 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/openai/auth/_workload.py:252
            response = client.post(
                self.token_exchange_url,
                json={
                    "grant_type": TOKEN_EXCHANGE_GRANT_TYPE,
                    "client_id": self.workload_identity["client_id"],
                    "subject_token": subject_token,
                    "subject_token_type": subject_token_type,
                    "identity_provider_id": self.workload_identity["identity_provider_id"],
                    "service_account_id": self.workload_identity["service_account_id"],
                },
                timeout=10.0,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #463f7bd13835fe07 Filesystem access.
pkgs/python/[email protected]/src/openai/cli/_api/audio.py:67
        with open(args.file, "rb") as file_reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20f616d62cb9b316 Filesystem access.
pkgs/python/[email protected]/src/openai/cli/_api/audio.py:90
        with open(args.file, "rb") as file_reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e975ff94dd756480 Filesystem access.
pkgs/python/[email protected]/src/openai/cli/_api/files.py:55
        with open(args.file, "rb") as file_reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #613aeba73869a3ec Filesystem access.
pkgs/python/[email protected]/src/openai/cli/_api/image.py:103
        with open(args.image, "rb") as file_reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4803a3ec137e335f Filesystem access.
pkgs/python/[email protected]/src/openai/cli/_api/image.py:119
        with open(args.image, "rb") as file_reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #651ef4f23efa60c8 Filesystem access.
pkgs/python/[email protected]/src/openai/cli/_api/image.py:125
            with open(args.mask, "rb") as file_reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #89ebca2df667bf98 Environment-variable access.
pkgs/python/[email protected]/src/openai/cli/_tools/migrate.py:68
    xdg = os.environ.get("XDG_CACHE_HOME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2563873b15348f6e Environment-variable access.
pkgs/python/[email protected]/src/openai/cli/_tools/migrate.py:76
    if not os.environ.get("DEBUG"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5bf02796fdccdea0 Filesystem access.
pkgs/python/[email protected]/src/openai/cli/_tools/migrate.py:121
        with open(temp_file, "wb") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b11ab208b3264591 Filesystem access.
pkgs/python/[email protected]/src/openai/lib/_validators.py:485
                with open(fname, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #276f75cca76038f0 Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:196
            api_key = os.environ.get("AZURE_OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f2be23a476583384 Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:199
            azure_ad_token = os.environ.get("AZURE_OPENAI_AD_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70834ffe1fb9a48b Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:207
            api_version = os.environ.get("OPENAI_API_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0efe6d4189859a0 Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:221
                azure_endpoint = os.environ.get("AZURE_OPENAI_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73ec7caa338712d5 Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:481
            api_key = os.environ.get("AZURE_OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9823df8e2c3ba40b Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:484
            azure_ad_token = os.environ.get("AZURE_OPENAI_AD_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #978836b468b7041f Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:492
            api_version = os.environ.get("OPENAI_API_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df3f71b2bf9b1a4d Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:506
                azure_endpoint = os.environ.get("AZURE_OPENAI_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

requests

python dependency
expand_more 8 low-confidence finding(s)
low env_fs dependency Excluded from app score #3a1ca53e447d7bad Environment-variable access.
pkgs/python/[email protected]/src/requests/sessions.py:771
                    os.environ.get("REQUESTS_CA_BUNDLE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8fa7073cad3a8b25 Environment-variable access.
pkgs/python/[email protected]/src/requests/sessions.py:772
                    or os.environ.get("CURL_CA_BUNDLE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b4a7feb74a48455c Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:209
    netrc_file = os.environ.get("NETRC")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #06908e242b253f2c Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:740
        old_value = os.environ.get(env_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #230d53330d529dd1 Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:741
        os.environ[env_name] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e29475dbbf4d2de5 Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:747
                del os.environ[env_name]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #707c5f43de4a65cd Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:749
                os.environ[env_name] = old_value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9dcbbda73a06677 Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:762
        return os.environ.get(key) or os.environ.get(key.upper())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

urllib3

python dependency
expand_more 12 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #73a9e69ec21777a4 Environment-variable access.
pkgs/python/[email protected]/docs/conf.py:15
if "READTHEDOCS" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b4b10a0389abfd2d Environment-variable access.
pkgs/python/[email protected]/docs/conf.py:76
html_baseurl = os.environ.get("READTHEDOCS_CANONICAL_URL", "/")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8dd3fe41e4d29d3b Filesystem access.
pkgs/python/[email protected]/dummyserver/app.py:466
        return await make_response(file_path.read_bytes(), 200, headers)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f8860832a6574e27 Filesystem access.
pkgs/python/[email protected]/dummyserver/app.py:483
    return await make_response(file_path.read_bytes(), 200, headers)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #4debb21ad2c3ee23 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/urllib3/__init__.py:193
    return _DEFAULT_POOL.request(
        method,
        url,
        body=body,
        fields=fields,
        headers=headers,
        preload_content=preload_content,
        decode_content=decode_content,
        redirect=redirect,
        retries=retries,
        timeout=timeout,
        json=json,
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #3bda78e2380929f4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/urllib3/connectionpool.py:210
            self.pool.put(None)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #882632841e6eb388 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/urllib3/connectionpool.py:310
                self.pool.put(conn, block=False)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #1fa12231a28247e4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/urllib3/connectionpool.py:493
            conn.request(
                method,
                url,
                body=body,
                headers=headers,
                chunked=chunked,
                preload_content=preload_content,
                decode_content=decode_content,
                enforce_content_length=enforce_content_length,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #51d097539cea4032 Filesystem access.
pkgs/python/[email protected]/src/urllib3/contrib/emscripten/fetch.py:204
        streaming_worker_code = (
            files(__package__)
            .joinpath("emscripten_fetch_worker.js")
            .read_text(encoding="utf-8")
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c3b4aaa2c72be67 Environment-variable access.
pkgs/python/[email protected]/src/urllib3/util/ssl_.py:317
    if "SSLKEYLOGFILE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2660111eb5ecf349 Environment-variable access.
pkgs/python/[email protected]/src/urllib3/util/ssl_.py:318
        sslkeylogfile = os.path.expandvars(os.environ.get("SSLKEYLOGFILE"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a9765158a20361f Filesystem access.
pkgs/python/[email protected]/src/urllib3/util/ssl_.py:452
    with open(key_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Skipped dependencies

Production

  • @heroui/react prod — dist-only: no readable source
  • @react-router/node prod — dist-only: no readable source
  • react-select prod — dist-only: no readable source
  • fastmcp prod — sdist exceeds byte cap
  • openhands-agent-server prod — scan budget exceeded
  • openhands-sdk prod — scan budget exceeded
  • openhands-tools prod — scan budget exceeded
  • orjson prod — scan budget exceeded
  • pathspec prod — scan budget exceeded
  • pexpect prod — scan budget exceeded
  • pg8000 prod — scan budget exceeded
  • pillow prod — scan budget exceeded
  • playwright prod — scan budget exceeded
  • poetry prod — scan budget exceeded
  • prompt-toolkit prod — scan budget exceeded
  • protobuf prod — scan budget exceeded
  • psutil prod — scan budget exceeded
  • pybase62 prod — scan budget exceeded
  • pygithub prod — scan budget exceeded
  • pyjwt prod — scan budget exceeded
  • pylatexenc prod — scan budget exceeded
  • pypdf prod — scan budget exceeded
  • python-docx prod — scan budget exceeded
  • python-dotenv prod — scan budget exceeded
  • python-frontmatter prod — scan budget exceeded
  • python-json-logger prod — scan budget exceeded
  • python-multipart prod — scan budget exceeded
  • python-pptx prod — scan budget exceeded
  • python-socketio prod — scan budget exceeded
  • pythonnet prod — scan budget exceeded
  • pyyaml prod — scan budget exceeded
  • qtconsole prod — scan budget exceeded
  • rapidfuzz prod — scan budget exceeded
  • redis prod — scan budget exceeded
  • setuptools prod — scan budget exceeded
  • shellingham prod — scan budget exceeded
  • sqlalchemy prod — scan budget exceeded
  • sse-starlette prod — scan budget exceeded
  • starlette prod — scan budget exceeded
  • tenacity prod — scan budget exceeded
  • termcolor prod — scan budget exceeded
  • toml prod — scan budget exceeded
  • tornado prod — scan budget exceeded
  • tree-sitter-language-pack prod — scan budget exceeded
  • types-toml prod — scan budget exceeded
  • uvicorn prod — scan budget exceeded
  • whatthepatch prod — scan budget exceeded
  • zope-interface prod — scan budget exceeded
  • jupyter_kernel_gateway prod — scan budget exceeded
  • modal prod — scan budget exceeded
  • runloop-api-client prod — scan budget exceeded
  • daytona prod — scan budget exceeded
  • e2b-code-interpreter prod — scan budget exceeded
  • gspread prod — scan budget exceeded
  • alembic prod — scan budget exceeded
  • cloud-sql-python-connector prod — scan budget exceeded
  • psycopg2-binary prod — scan budget exceeded
  • stripe prod — scan budget exceeded
  • python-keycloak prod — scan budget exceeded
  • resend prod — scan budget exceeded
  • slack-sdk prod — scan budget exceeded
  • ddtrace prod — scan budget exceeded
  • limits prod — scan budget exceeded
  • coredis prod — scan budget exceeded
  • scikit-learn prod — scan budget exceeded
  • shap prod — scan budget exceeded
  • prometheus-client prod — scan budget exceeded