Missing User Warnings
Medium
- Confidence
- 93% confidence
- Finding
- The program silently persists long-term private key material to ~/.agentbus/keys/<agent>.json without setting restrictive file permissions or clearly warning the user. If the host is shared, backed up insecurely, or later compromised, theft of this key enables full impersonation of the agent and decryption of future key-exchange material tied to that identity.
