Missing User Warnings
Medium
- Confidence
- 95% confidence
- Finding
- The skill explicitly collects user account/profile information and persists it to a local .env file, but it does not clearly warn the user that this data will be stored on disk and reused later. Even if the fields are not highly sensitive secrets, they are still personal/business profile data and persistent storage increases exposure through backup systems, local compromise, or accidental sharing of the workspace.
