Missing User Warnings
Medium
- Confidence
- 84% confidence
- Finding
- The skill directs users to set persistent credential-related environment variables and to edit an auth profile file with credential-like material, but it provides no guidance on protecting those values, avoiding accidental disclosure, or using least-privilege storage. This increases the chance that secrets or credential pointers become exposed through shell history, world-readable files, logs, or copied config files.
