Intent-Code Divergence
Medium
- Confidence
- 97% confidence
- Finding
- The script prints the first 10 characters of sensitive environment variables to the console, which constitutes partial secret disclosure. Even truncated API keys can aid correlation, leak identifying prefixes into logs/CI output, and violate the script's own stated security posture that key printing was removed.
