Missing User Warnings
Medium
- Confidence
- 96% confidence
- Finding
- The skill explicitly tells users to store a sensitive API key in a local plaintext config file without any warning about secret handling, file permissions, or safer alternatives. This increases the chance of credential exposure through backups, screenshots, shared home directories, malware, or accidental commits if users mirror config into dotfiles.
