Missing User Warnings
Medium
- Confidence
- 91% confidence
- Finding
- This tool reads configuration files and prints their full normalized contents or diffs, which can readily expose secrets such as API keys, passwords, and tokens commonly stored in JSON, TOML, and especially .env files. In an agent-skill context, automatically echoing sensitive values to stdout increases the risk of credential disclosure into logs, chat transcripts, or downstream tooling.
