Missing User Warnings
Medium
- Confidence
- 82% confidence
- Finding
- The skill explicitly references sensitive material including AGENT_SIGNING_KEY and describes it as a key pair for request signing, but does not give strong handling guidance such as never embedding private keys in plans, logs, prompts, or client-side code. In an agent ecosystem, normalizing credential references without operational safeguards increases the risk of accidental secret exposure or misuse.
