Missing User Warnings
Medium
- Confidence
- 90% confidence
- Finding
- The CLI reference shows a provider API secret in example output (`API Secret: sk-abc123...`) and immediately instructs users to use it as an `apiKey`, but it does not warn that this value is sensitive and must never be logged, shared, or committed. In a wallet- and provider-management skill, normalizing display of secrets increases the chance users expose credentials in screenshots, terminal logs, chat transcripts, or automation output, which could let others consume paid inference services or impersonate the user to that provider.
