I’ve just set up a public build, and after looking through what info is made public, I noticed certain fields like BUILDKITE_BUILD_CREATOR_TEAMS which leak otherwise private information.
Email addresses show up even when commits are done as firstname.lastname@example.org, and private team names are shown, which can leak things like the existence of unannounced products.
BUILDKITE_AGENT_META_DATA_* can also potentially leak configuration used for other private pipelines.
It would be nice if these fields could be hidden somehow, either by filtering the environment or just disabling the tab on public builds.