| # Security Findings | |
| - Verify API keys in .env files are not hardcoded or leaked in history. | |
| - detections_history.json might leak PII if not properly protected or if stored in public storage. | |
| - Ensure lert_routing.py doesn't expose sensitive info to unauthorized webhooks. | |