# Input API Files Security Note The user-provided API text files contained provider names and raw key-like values. Security policy used in this package: - Raw keys were not copied into source. - Provider names/capabilities were preserved. - Runtime reads secrets only from environment variables / HuggingFace Space Secrets. - Rotate any keys that were pasted into chat or local logs.