Missing User Warnings
Medium
- Confidence
- 90% confidence
- Finding
- The skill documents saving and loading authenticated browser state and setting HTTP credentials, but it does not warn that these artifacts may contain session cookies, tokens, and other secrets that can be reused to impersonate a user. In an agent context, encouraging persistent auth state without storage-handling guidance increases the risk of credential leakage or unintended cross-task reuse.
