Missing User Warnings
Medium
- Confidence
- 95% confidence
- Finding
- The README instructs users to place long-lived access tokens in shell environment variables and a persistent config file, but it does not include explicit guidance on protecting those secrets, rotating them, or avoiding accidental disclosure. This increases the chance of credential leakage through shell history, backups, shared home directories, screenshots, logs, or committed config files.
