Missing User Warnings
Medium
- Confidence
- 90% confidence
- Finding
- The documentation includes an authentication example that places a literal password into a shell pipeline. While `--password-stdin` is better than passing a password directly as a command-line argument, the example still normalizes handling secrets in plaintext and may lead users to expose credentials through shell history, process inspection, pasted logs, or reused insecure scripting patterns. In a CLI skill focused on automation and authentication workflows, this is more dangerous because users are likely to copy-paste examples into real scripts.
