The lack of security in code generators
April 22, 2026
LLMs, security, env, AI
## Danger ahead!
Most of the code generators I've used always suggest Next.js, React with Vite, all integrated with GitHub and/or Vercel.
I ran into a serious problem the other day. Google's AI Studio simply made the Gemini API key public by adding a ***NEXT_PUBLIC*** to the environment variable.
I ask you, how is this possible? This should be very explicit for LLMs that generate code.
I realize there's still a big problem with these vibe-coding platforms when it comes to knowing how to handle what's public and what's private when it comes to environment variables.
## Solution
The solution is that you must spend precious time on prompt engineering and give strict directions about security.
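A check for the problem described above, as an added example that is not part of the original post: it parses dotenv-style text and flags variables that carry a client-exposing prefix (`NEXT_PUBLIC_` in Next.js, and, going beyond the case in the text, `VITE_` in Vite) while their name looks like a secret. The function names, the name heuristic and the sample `.env` content are assumptions made for illustration.

```javascript
// Added example: flag env variables that a client-side prefix would expose.
// Next.js inlines NEXT_PUBLIC_* into the browser bundle; Vite exposes VITE_*.
const PUBLIC_PREFIXES = ["NEXT_PUBLIC_", "VITE_"];
// Assumed heuristic: name fragments that usually denote a secret.
const SECRET_NAME = /(API_?KEY|SECRET|TOKEN|PASSWORD|PRIVATE|CREDENTIAL)/i;

// Parse dotenv-style text into [name, value] pairs (comments, `export`, quotes).
function parseEnv(text) {
  const pairs = [];
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith("#")) continue;
    const m = line.match(/^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$/);
    if (!m) continue;
    let value = m[2].trim();
    const q = value[0];
    if ((q === '"' || q === "'") && value.length >= 2 && value.endsWith(q)) {
      value = value.slice(1, -1);
    } else {
      value = value.replace(/\s+#.*$/, ""); // trailing comment on unquoted value
    }
    pairs.push([m[1], value]);
  }
  return pairs;
}

// Return findings for variables that are both client-exposed and secret-looking.
function findExposedSecrets(envText) {
  const findings = [];
  for (const [name, value] of parseEnv(envText)) {
    const prefix = PUBLIC_PREFIXES.find((p) => name.startsWith(p));
    if (!prefix || value === "") continue; // server-only, or empty placeholder
    const bare = name.slice(prefix.length);
    if (SECRET_NAME.test(bare)) findings.push({ name, prefix, suggestion: bare });
  }
  return findings;
}

// Constructed sample .env (values are placeholders, not real keys).
const SAMPLE_ENV = `
# generated by a code assistant
NEXT_PUBLIC_GEMINI_API_KEY="PLACEHOLDER-not-a-real-key"
NEXT_PUBLIC_SITE_URL=https://example.test
GEMINI_API_KEY=PLACEHOLDER-server-side
export VITE_PAYMENT_SECRET=PLACEHOLDER  # constructed
VITE_APP_TITLE=Demo
`;

for (const f of findExposedSecrets(SAMPLE_ENV)) {
  console.log(`${f.name}: shipped to the browser; rename to ${f.suggestion} and read it server-side only`);
}
```

Run against the real `.env*` files in CI, a non-empty result can fail the build before the key reaches a deployed bundle.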