add-env-variable
Facilitates the addition of environment variables in applications, ensuring proper configuration and validation for external services.
Install this skill
Security score
The add-env-variable skill was audited on Feb 27, 2026 and we found 21 security issues across 3 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Webhook reference - potential data exfiltration
| 151 | WEBHOOK_URL: z.string().url().optional(), |
Webhook reference - potential data exfiltration
| 154 | WEBHOOK_URL: getEnv("WEBHOOK_URL"), |
Webhook reference - potential data exfiltration
| 157 | # Webhook endpoint for notifications |
Webhook reference - potential data exfiltration
| 158 | BT_WEBHOOK_URL=https://example.com/webhook |
Access to .env file
| 8 | Adds a new environment variable with Zod validation. All environment variables must be defined in `src/env.ts` and documented in `.env.example`. |
Access to .env file
| 15 | 2. `.env.example` - Document the variable |
Access to .env file
| 52 | ### Step 3: Document in `.env.example` |
Access to .env file
| 103 | // .env.example |
Access to .env file
| 116 | // .env.example |
Access to .env file
| 130 | // .env.example |
Access to .env file
| 143 | // .env.example |
Access to .env file
| 156 | // .env.example |
Access to .env file
| 170 | // .env.example |
Access to .env file
| 183 | // .env.example |
Access to .env file
| 189 | Always import from `@/env`, never use `process.env` directly: |
Access to .env file
| 198 | const apiKey = process.env.MY_API_KEY; |
Access to .env file
| 223 | ### 2. Update `.env.example` |
Access to .env file
| 264 | - Do NOT use `process.env` directly in application code |
Access to .env file
| 266 | - Do NOT skip documenting in `.env.example` |
Access to .env file
| 268 | - Do NOT store secrets in `.env.example` (use placeholder values) |
External URL reference
| 158 | BT_WEBHOOK_URL=https://example.com/webhook |