Is there any risk of passwords and API keys leaking through JSON files if they’re not directly tagged in a request?
For example, if I have some class which reads config.json, and I ask it to generate a similar class, will config.jsom be submitted to cursor and their providers?
Also, am I right in understanding that the whole codebase isn’t submitted and only relevant parts?