Missing User Warnings
Medium
- Confidence
- 91% confidence
- Finding
- The skill explicitly recommends saving and loading browser auth state files to skip login flows, but does not warn that these files can contain session cookies, local storage tokens, and other credentials. In an agent context, this increases the risk that sensitive authentication material is persisted insecurely, reused across tasks, or exfiltrated through logs, file sharing, or prompt injection-driven workflows.
