Missing User Warnings
Medium
- Confidence
- 90% confidence
- Finding
- The documentation instructs users to obtain and reuse a bearer token for authenticated API calls, but it does not clearly emphasize secret-handling practices beyond noting it is shown once. Users may paste tokens into shared terminals, logs, screenshots, or repos, leading to account compromise on the external service.
