Missing User Warnings
Medium
- Confidence
- 98% confidence
- Finding
- The skill defines the API access token as a query parameter and later appends all query parameters into the request URL. Query-string credentials are commonly exposed through logs, browser/history tooling, proxy infrastructure, monitoring systems, and error telemetry, making accidental credential disclosure more likely even when HTTPS is used.
