Missing User Warnings
Medium
- Confidence
- 89% confidence
- Finding
- The example output includes a customer's email address in a command-line listing of orders, which exposes personally identifiable information without any warning, masking, or stated access-control expectations. In an admin tool this may be functionally relevant, but embedding raw customer identifiers in examples normalizes unnecessary PII exposure and increases the chance of disclosure via shared terminals, logs, screenshots, or copied documentation.
