Missing User Warnings
Medium
- Confidence
- 93% confidence
- Finding
- The skill instructs users to authenticate with a plaintext password on the command line and states that credentials are written to a persistent local config file, but it does not give an explicit security warning or describe how the secrets are protected. This is dangerous because command-line arguments may be exposed via shell history or process inspection, and persisted credentials in a user config directory can be recovered by other local processes or users if file permissions or storage protections are weak.
