Missing User Warnings
Medium
- Confidence
- 88% confidence
- Finding
- The documentation includes a plaintext API key field and example credential placement in a user config path, but provides no warning about secret handling, file permissions, redaction, or avoiding commits/logging. In a base skill that other integrations depend on, this increases the chance that users will store, copy, or expose long-lived credentials insecurely across multiple downstream skills.
