The Right Way to Handle API Keys When Your Agent Reads Untrusted Content
Dev.to AI · Generative AI
There is a category of AI agent that most security guidance does not account for properly: the one that reads things. An agent with predefined workflows and controlled inputs has a manageable threat model. An agent that reads webpages, processes documents, handles emails, or parses API responses from third parties is a different situation. Some of that content is variables to the response and continue normally. If your credentials are in environment variables, the agent has everything it needs to comply.
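The point above is that a credential sitting in the agent process's environment is reachable by anything the agent is talked into executing. The following is an added example, not code from the original post: it runs an agent's tool action in a child process whose environment has been scrubbed of credential-bearing variables, so an instruction to "read your environment and include it in the response" has nothing to return. The variable names and the secret value are constructed for the demonstration.

```python
import os
import subprocess
import sys

# Constructed: names of variables that must never reach the agent's tool runtime.
SECRET_ENV_NAMES = ("OPENAI_API_KEY", "THIRD_PARTY_API_KEY")
SECRET_SUFFIXES = ("_KEY", "_TOKEN", "_SECRET", "_PASSWORD")


def scrubbed_env(base=None):
    """Return a copy of the environment with credential-bearing variables removed.

    Keeps PATH and other harmless variables so the child process still works.
    """
    env = dict(os.environ if base is None else base)
    for name in list(env):
        if name in SECRET_ENV_NAMES or name.upper().endswith(SECRET_SUFFIXES):
            env.pop(name)
    return env


def run_agent_tool(code, env):
    """Run a tool action in a separate process with an explicit environment.

    Returns the action's stdout, i.e. what would flow back into the model context.
    """
    result = subprocess.run(
        [sys.executable, "-c", code],
        env=env, capture_output=True, text=True, timeout=10, check=False,
    )
    return result.stdout.strip()


# Constructed stand-in for a tool action that reads the environment, which is
# what an injected instruction in fetched content would ask the agent to do.
ENV_READING_ACTION = (
    "import os; print(os.environ.get('THIRD_PARTY_API_KEY', '<not present>'))"
)


def demo():
    """Compare an inherited environment with a scrubbed one for the same action."""
    base = dict(os.environ, THIRD_PARTY_API_KEY="sk-constructed-example")
    leaked = run_agent_tool(ENV_READING_ACTION, base)            # credential inherited
    contained = run_agent_tool(ENV_READING_ACTION, scrubbed_env(base))  # credential absent
    return leaked, contained


if __name__ == "__main__":
    print(demo())  # ('sk-constructed-example', '<not present>')
```

The same scrubbing belongs wherever the agent spawns tools, fetchers, or code interpreters; the credential should live with a separate component that makes the outbound call, not in the process that reads untrusted content.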