Missing User Warnings
Medium
- Confidence
- 96% confidence
- Finding
- The guide explicitly recommends `jl setup --token <token> --yes`, which encourages passing a secret on the command line. Command-line arguments are often exposed via shell history, process listings, audit logs, and agent telemetry, so this can leak the JarvisLabs API token to other local users or logging systems.
