Context-Inappropriate Capability
Low
- Confidence
- 90% confidence
- Finding
- The quick-start instructions tell users to write API credentials directly into a plaintext .env file without any security guidance. This can lead to accidental secret exposure through local compromise, backups, screenshots, or committing the file into version control, especially in educational or shared workstation environments.
