Missing User Warnings
Medium
- Confidence
- 92% confidence
- Finding
- The documentation instructs users to provide an API key and to call a third-party endpoint, but it does not clearly warn that the key is transmitted to TianAPI on every request. This can lead users to expose credentials to an external service without informed consent, increasing the risk of credential misuse, logging exposure, or accidental sharing.
