Missing User Warnings
Medium
- Confidence
- 88% confidence
- Finding
- The setup section instructs users to obtain an API key and place it into environment/config values, but it does not explicitly warn that the key is sensitive, should not be pasted into chat, committed to source control, or stored insecurely. In an agent skill context, this omission increases the chance of credential leakage through transcripts, shared configs, logs, or repositories, which could allow unauthorized access to the user's Taskr project and task data.
