Fewer false positives in generic-env.yaml

http/vulnerabilities/generic/generic-env.yaml

@@ -40,8 +40,15 @@ http:
       - "{{BaseURL}}/.env.{{SD}}"
       - "{{BaseURL}}/api/.env"
 
+    matchers-condition: and
     matchers:
       - type: regex
         part: body
         regex:
           - "(?mi)^[a-z_]*(KEY|TOKEN|PASS|SECRET|DB_URL|DATABASE_URL|MAILER_URL)[a-z_]*="
+
+      - type: word
+        part: body
+        negative: true
+        words:
+          - "<html"