Missing User Warnings
Medium
- Confidence
- 94% confidence
- Finding
- The skill instructs users to place Soulseek credentials in plaintext environment variables but does not warn that such values may be exposed through shell history, process inspection, logs, crash reports, or inherited environments. In an agent-oriented context, this is more dangerous because credentials may be handled by automation, stored in transcripts, or reused across systems, increasing the chance of account compromise.
