Missing User Warnings
Low
- Confidence
- 89% confidence
- Finding
- The cheatsheet instructs users to place a live API key in a plaintext `.env` file without any warning about local secret exposure risks. While common in developer tooling, this can lead to accidental leakage through source control, backups, shell history, shared workspaces, or screenshots, especially for less experienced users.
