Missing User Warnings
Medium
- Confidence
- 96% confidence
- Finding
- The skill explicitly tells users to create and prefer a non-expiring API token for routine use, but does not warn about the persistence and blast radius of token compromise. Long-lived bearer tokens materially increase risk because theft from shell history, logs, environment leakage, or prompt/output exposure yields durable unauthorized access.
