Missing User Warnings
Medium
- Confidence
- 93% confidence
- Finding
- The skill encourages reading raw message JSON and exporting sessions to Markdown, which can contain sensitive conversation history, filesystem paths, project identifiers, and possibly credentials or tokens referenced in messages. Although the notes later mention that account tables contain sensitive credentials, the export and inspection workflow does not prominently warn that generated files and console output may themselves leak private data.
