Missing User Warnings
Medium
- Confidence
- 91% confidence
- Finding
- The skill explicitly generates reusable curl smoke-test scripts and CI shell checks, but it does not warn that running those commands may send real requests to production-like endpoints, trigger state-changing operations, or expose embedded tokens and headers in logs or shell history. In this context, the omission is security-relevant because users may copy and execute generated commands unchanged, increasing the chance of unintended impact against live systems.
