Missing User Warnings
Medium
- Confidence
- 88% confidence
- Finding
- The skill explicitly documents `ttt auth export` for exporting credentials as environment variables but gives no warning about the exposure risks. Environment variables can leak through shell history, process inspection, logs, CI output, crash reports, or inherited child processes, so normalizing this workflow without guardrails can cause credential disclosure.
