Missing User Warnings
Medium
- Confidence
- 88% confidence
- Finding
- The guide instructs users to run `vercel pull` with a Vercel token but does not warn that this command materializes environment variables into `.vercel/.env.*` files in the workspace and CI filesystem. In a CI/CD context, this can lead to accidental secret persistence, artifact inclusion, cache leakage, or later logging/exfiltration by other workflow steps if the files are not explicitly protected.
