Missing User Warnings
Medium
- Confidence
- 98% confidence
- Finding
- The skill defines the authentication token as a query parameter and then appends all query parameters directly into the request URL. Query-string tokens are commonly exposed through logs, browser/history equivalents, proxy and CDN logs, monitoring tools, error messages, and downstream telemetry, increasing the chance of credential leakage even when HTTPS is used. In this skill context, the risk is more concrete because the token is a required credential for a third-party API call and the code provides no warning or safer alternative.
