Missing User Warnings
Medium
- Confidence
- 97% confidence
- Finding
- The skill defines the API token as a query parameter and later appends all query parameters directly into the URL before issuing the request. Tokens in URLs are commonly exposed via logs, browser/history equivalents, proxy infrastructure, monitoring systems, and error reports, making credential leakage more likely than if the token were sent in an Authorization header.
