Missing User Warnings
Medium
- Confidence
- 92% confidence
- Finding
- The documentation instructs users to write environment data into `.env.local` but does not warn that the file may contain sensitive configuration values such as OAuth client details, workspace identifiers, and API endpoints. In app-development workflows, `.env.local` is commonly at risk of accidental inclusion in source control or exposure through local tooling, so omitting handling guidance creates a real secret-hygiene weakness.
