Missing User Warnings
Medium
- Confidence
- 84% confidence
- Finding
- The documentation instructs users to provide a Shopify Admin API token with broad write scopes, but does not warn that this credential grants powerful access to store content and should be handled as a secret. In practice, this can lead to unsafe sharing, logging, or misuse of high-privilege credentials by users or downstream tooling.
