Missing User Warnings
Medium
- Confidence
- 97% confidence
- Finding
- The skill instructs users to pass the API key directly on the command line, which can expose the secret via shell history, process listings, audit logs, and terminal recordings. While this is a common convenience pattern, it unnecessarily increases the chance of credential disclosure to other local users or logging systems.
