Be careful running trusted or untrusted code with access to your environment variables.

If you're using the #GitHubCLI or #CopilotCLI on a personal computer, sensitive variables may be exposed:

- `GH_TOKEN`
- `GH_ENTERPRISE_TOKEN`
- `GITHUB_TOKEN`
- `GITHUB_ENTERPRISE_TOKEN`
- `GITHUB_AUTH_TOKEN`

These can be read by any executed process, and in some cases tools may also expose tokens via commands like:

`gh auth token`

Treat your environment as compromised when executing code.

#GitHub #AI