Missing User Warnings
Medium
- Confidence: 97%
- Finding: The README instructs users to place live GitHub and Algora credentials into a local .env file but does not warn them to keep that file out of version control, avoid sharing it, or use least-privilege tokens. This creates a realistic risk of accidental credential leakage through commits, screenshots, support bundles, or copied examples, especially because the document includes token-like examples and step-by-step setup guidance.
