Missing User Warnings
Medium
- Confidence
- 94% confidence
- Finding
- The skill explicitly demonstrates sending an Authorization bearer token in browser headers to a remote URL, but it provides no warning about credential handling, token scope, logging, or the risk of transmitting secrets to external services. In this skill's context, browser providers may be local or third-party hosted, which increases the chance that sensitive headers, session data, or page contents are exposed beyond the intended Kubernetes environment.
