Description-Behavior Mismatch
Medium
- Confidence
- 88% confidence
- Finding
- The documentation overstates secrecy by claiming the agent never handles raw keys or file paths, while the skill explicitly persists credentials to local paths and later instructs the user/agent to pass a one-time re-link token on the command line. Command-line arguments and local credential paths can be exposed through shell history, process listings, logs, backups, or other local tooling, so this creates a real credential-handling risk even if the token is not a private key.
