Missing User Warnings
Medium
- Confidence
- 87% confidence
- Finding
- The README explicitly describes authentication and access to HR/recruitment data, including usernames, passwords, tenant IDs, and API keys, but provides no warning about safeguarding credentials or handling candidate PII. In an HR context, this omission is meaningful because operators may paste real secrets into config files and use the skill against live employee/candidate records without being alerted to privacy, consent, retention, and least-privilege expectations.
