Missing User Warnings
Medium
- Confidence
- 93% confidence
- Finding
- The guidance explicitly suggests inspecting environment variables including names like DATABASE and API_KEY, but it does not warn that environment dumps can expose live credentials in terminals, logs, screen shares, or pasted troubleshooting output. In a debugging skill, this increases the chance a user will reveal secrets while following the instructions, especially in production incidents where people copy command output verbatim.
