Missing User Warnings
Medium
- Confidence
- 95% confidence
- Finding
- Passing the API key directly on the command line can expose the secret through shell history, process listings, terminal logging, and CI job logs. In shared or monitored environments, another local user or logging system could recover the key and use the third-party API under the victim's account.
