Missing User Warnings
Medium
- Confidence
- 88% confidence
- Finding
- The skill instructs users to provide account credentials via environment variables or a local JSON file without any warning about secure storage, file permissions, or secret-handling practices. This increases the risk of credential exposure through shell history, process inspection, backups, or overly permissive files, especially because the skill handles a third-party account password directly.
