Missing User Warnings
Medium
- Confidence
- 98% confidence
- Finding
- The README publicly exposes and repeatedly promotes a shared test API key, encouraging immediate use without any guidance on credential handling, abuse limits, or revocation expectations. Even if the key is intended for a free tier, publishing it as a reusable credential can enable quota exhaustion, service abuse, misleading attribution of activity, and normalizes insecure secret-sharing practices for downstream users.
