Missing User Warnings
Medium
- Confidence
- 92% confidence
- Finding
- The skill directs the agent to store a reusable bearer token in persistent memory but provides no safeguards on secure storage, scope limitation, or user consent. If that memory is later exposed through logs, prompts, other skills, or compromise of the agent environment, the token could be reused to impersonate the agent account and access or submit data to the external service.
