Missing User Warnings
Medium
- Confidence
- 94% confidence
- Finding
- The documentation instructs users to pass the API key directly as a command-line argument, which can expose the secret via shell history, process listings, terminal logs, and CI job output. In this skill's context, the key grants access to a third-party account/API quota, so leakage can lead to unauthorized use, billing abuse, or service disruption.
