Missing User Warnings
Medium
- Confidence
- 93% confidence
- Finding
- The documented authentication flow explicitly says it launches Chrome and extracts session cookies, which is a sensitive credential-handling mechanism. Even if intended for legitimate automation, using browser session-cookie extraction without any warning, scope limitation, storage/retention guidance, or consent language creates real risk of credential theft, session hijacking, or unsafe reuse of authenticated sessions.
