Missing User Warnings
Medium
- Confidence
- 79% confidence
- Finding
- The code stores the auth token in a local cache file in the project directory without setting restrictive file permissions, encryption, expiry handling, or user notice. Any local user, process, backup system, or accidental repository inclusion could expose the token and allow session hijacking.
