Describe the bug
I identified hardcoded PostgreSQL credentials in a GitHub repo. These credentials are valid and allow remote access to a live PostgreSQL instance exposed to the internet. This leads to a critical risk of full database compromise.

To Reproduce
The .env is publicly accessible at:
https://github.com/AIxBlock-2023/awesome-ai-dev-platform-opensource/blob/main/.env.example

**POC
Credentials leaked in .env:
POSTGRES_USER=postgres
POSTGRES_PASSWORD=@9^xwWA
POSTGRES_HOST=127.0.0.1
POSTGRES_PORT=5432

Successful login:

psql -h workflow.aixblock.io -p 5433 -U postgres
Password for user postgres:
psql (15.7 (Debian 15.7-0+deb12u1), server 14.4 (Debian 14.4-1.pgdg110+1))
Type "help" for help.

Listing available databases:
\l

Output:

aixblock-workflow | postgres | UTF8
postgres | postgres | UTF8
template0 | postgres | UTF8
template1 | postgres | UTF8

Expected behavior
Application secrets (such as database credentials) should never be committed to the repository.
Database servers should not be accessible over the public internet with default credentials.

Desktop (please complete the following information):

• OS: Linux (Debian)

• Tool: psql client

• Version: 15.7