Missing User Warnings
Medium
- Confidence
- 97% confidence
- Finding
- The skill defines the API access token as a query parameter and later appends all query parameters directly into the URL. Tokens in URLs are commonly exposed through logs, browser/history tooling, proxy infrastructure, monitoring systems, and error messages, making inadvertent credential disclosure more likely even when HTTPS is used.
