Marking specific job step as untrusted

Is it currently possible to restrict access to secret env variables for a specific job step? Right now we have a case with certain job steps downloading scripts from external sources, and it is important to ensure that those can’t possibly leak secret environment variables.

The only solution I can think of is to null all env vars explicitly:

      - run:
          name: Shady Step

Is there some way I can disable access to all secret vars without maintaining the list manually?