security issue with captcha_api rule

[m3di]

in the stateless mode validation rule as it provided in the documentation:

$rules = ['captcha' => 'required|captcha_api:'. request('key') . ',math'];
$validator = validator()->make(request()->all(), $rules);

it is not completely safe to put unvalidated request('key') to the rule list, someone may manipulate it and send some relevant rules and invoke some unwanted functions,

[m3di]

will you accept PRs?