Missing User Warnings
Medium
- Confidence
- 97% confidence
- Finding
- The documentation instructs users to place an authentication cookie value in the URL query string, which can leak credentials through browser history, logs, analytics, proxy records, screenshots, referrer headers, and automation traces before the redirect clears the URL. Because this is an auth token for an agent-facing platform, exposure could enable session hijacking until the cookie expires or is revoked.
