Missing User Warnings
Medium
- Confidence
- 93% confidence
- Finding
- The skill encourages generating and using CLIs that make real API calls with authentication, but it does not warn users that the generated tools can send authenticated network requests or that passing secrets on the command line may expose them through shell history, process listings, logs, or agent traces. In an AI-agent context, this omission is more dangerous because agents may automatically execute suggested commands and handle credentials non-interactively, increasing the chance of unintended requests or secret leakage.
