File appears to expose a hardcoded API secret or token.
Critical
- Code
- suspicious.exposed_secret_literal
- Location
- test/logs.test.js:74
- Evidence
"Authorization: Bearer [REDACTED]",
Security audit
Security checks across malware telemetry and agentic risk
ReleaseOps is a read-only GitHub Actions triage plugin whose log access is disclosed and aligned with its purpose, though users should treat CI log excerpts as potentially sensitive.
Install only for repositories where the agent is allowed to read GitHub Actions metadata and logs. Use a least-privilege GitHub token with Actions/Contents/Metadata read access, avoid broad personal tokens, and set includeLogExcerpt false when logs may contain customer data or secrets.
62/62 vendors flagged this plugin as clean.
Detected: suspicious.exposed_secret_literal
"Authorization: Bearer [REDACTED]",