Missing User Warnings
Medium
- Confidence
- 93% confidence
- Finding
- The setup instructions tell users to place Paprika account credentials directly into environment variables without any warning about secret handling, shell history exposure, process inspection risk, or safer storage options. In a skill that accesses personal account data, this increases the chance of credential leakage and unauthorized access to recipes, meal plans, and grocery data if the host environment is shared or logged.
