docs: add api field example in the appset security doc (#10087)
It seems like most of the work for the mentioned issue below is done
under the PR #9466 but from the issue description, it's probably
worth mentioning the example as added here.

Related #9352

Signed-off-by: Sahdev Zala <spzala@us.ibm.com>
spzala authored and crenshaw-dev committed Jul 26, 2022
1 parent 918e5ea commit e23178a
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions docs/operator-manual/applicationset/Security.md
Expand Up @@ -11,8 +11,8 @@ resources of Argo CD itself (like the RBAC ConfigMap).
ApplicationSets can also quickly create an arbitrary number of Applications and just as quickly delete them.

Finally, ApplicationSets can reveal privileged information. For example, the [git generator](./Generators-Git.md) can
read Secrets in the Argo CD namespace and send them to arbitrary URLs as auth headers. (This functionality is intended
for authorizing requests to SCM providers like GitHub, but it could be abused by a malicious user.)
read Secrets in the Argo CD namespace and send them to arbitrary URLs (e.g. URL provided for the `api` field) as auth headers.
(This functionality is intended for authorizing requests to SCM providers like GitHub, but it could be abused by a malicious user.)

For these reasons, **only admins** may be given permission (via Kubernetes RBAC or any other mechanism) to create,
update, or delete ApplicationSets.
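
Review bot: the parenthetical on the first added line names the `api` field without saying which generator spec it belongs to, while the sentence still links only to the git generator page (`./Generators-Git.md`). A reader following that link should be able to find the field, so either qualify it with the generator or provider block it sits under, or link to the page where `api` is documented. Minor: "e.g. URL provided" reads better as "e.g. the URL provided", and both added lines run longer than the wrapped lines around them, so re-wrapping to the file's existing width would keep later diffs of this paragraph small.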