You’re viewing an example audit
Fortivibe reviews your app for the security, data, reliability, and deployment issues that can turn a promising prototype into a production headache.
Run an Audit on My AppFix Prompt
Move the OpenAI call to a server-side route or setter, read the key from `process.env` (never `import.meta.env` or a public prefix), and delete the client-side reference. Rotate the exposed key.
Psst: this prompt should but is not guaranteed to fix the issue. Each tool (and the models they use) are different and outside of our control.
What does this mean?
OpenAI keys used from the browser are visible to every visitor. They must live on the server and be called through a server-side endpoint.