Missing User Warnings
Medium
- Confidence
- 91% confidence
- Finding
- The skill advertises persistent session reuse via a Chrome profile directory but does not prominently warn users that cookies, session tokens, and other authentication artifacts may remain on disk after login. In the context of a tax-platform login skill, this is more dangerous because retained browser state may expose highly sensitive government-account access on shared or compromised machines.
