Missing User Warnings
Low
- Confidence
- 81% confidence
- Finding
- The skill explicitly instructs the user to read and use a sensitive API key from disk without any warning about secret handling, least-privilege, masking, or avoiding exposure in logs/history. While this is normal for local API usage, documenting credential access this way can lead to accidental disclosure through shell history, copied commands, screenshots, or reuse in unsafe contexts.
