Missing User Warnings
Medium
- Confidence
- 93% confidence
- Finding
- The README encourages scanning .env files and environment variables, which are highly likely to contain live credentials, but does not prominently warn users that these operations process sensitive local secrets and may capture metadata derived from them. In a security-oriented tool, missing handling cautions can lead to unsafe usage, accidental overbroad scans, or misunderstanding of what data is being read and retained.
