Missing User Warnings
Medium
- Confidence
- 87% confidence
- Finding
- The README instructs users to store AppID and AppSecret in a local config file without any guidance on securing that file, avoiding commits, or setting restrictive permissions. While this is common setup practice, omission of credential-handling precautions increases the chance of accidental secret exposure through source control, backups, or multi-user systems.
