Missing User Warnings
Medium
- Confidence
- 91% confidence
- Finding
- The skill explicitly instructs users to supply live X/Twitter session cookies via command-line flags or browser-cookie extraction, but it does not clearly warn that auth_token and ct0 are highly sensitive session secrets. Passing them on the command line can expose them via shell history, process listings, logs, or agent transcripts, and browser-cookie access expands the trust boundary to local credential stores.
