Missing User Warnings
Medium
- Confidence
- 83% confidence
- Finding
- The README instructs users to place an API key into a local credentials file but does not include any guidance about secure file permissions, avoiding accidental commits, or protecting the key from disclosure. While this is common setup documentation, the omission can lead to credential exposure through weak filesystem permissions, backups, or repository mistakes.
