Missing User Warnings
Medium
- Confidence
- 91% confidence
- Finding
- The skill explicitly recommends saving and loading browser auth state but does not warn that the resulting files may contain session cookies, tokens, and other sensitive browser storage. In an agent setting, this can lead to credential reuse, unintended privilege transfer between tasks, or leakage of reusable authentication material if the state file is stored insecurely or shared.
