Hi, thank you for your incident response.
I noticed that projects that don’t already use CircleCI (deleted .circleci/config.yml) still have environment variables. (This can be viewed by specifying the repository name directly in the URL https://app.circleci.com/settings/project/github///environment-variables).
Do I need to rotate credentials for such projects as well?