Missing User Warnings
Medium
- Confidence
- 92% confidence
- Finding
- The guide tells users to place an API key and Feishu user ID directly into config.yaml but provides no guidance to protect the file, avoid committing it to source control, or use environment variables/secrets storage. This creates a realistic risk of credential leakage through shared directories, backups, logs, or repository commits, which could enable unauthorized API usage or misuse of messaging integrations.
