Missing User Warnings
Medium
- Confidence
- 89% confidence
- Finding
- The README explicitly instructs users to place an authentication Cookie into a local environment file, but provides no warning that the Cookie is a sensitive bearer credential equivalent to account access. In the context of an auto-publishing skill that authenticates directly to a third-party platform, this increases the risk of accidental credential leakage through commits, logs, screenshots, backups, or insecure file handling.
