Missing User Warnings
Medium
- Confidence: 84%
- Finding: The skill explicitly instructs the agent to create or edit a local `.env` file and configuration files, which commonly contain API keys and other sensitive settings, without requiring a clear warning, confirmation, or least-privilege handling. In an agentic environment, this can cause accidental overwrites, secret exposure, or unsafe persistence of credentials on disk.
