feat: add sentry token subcommands (create, list, delete) #1112
jared-outpost[bot] wants to merge 5 commits into
find-bugs: Found 2 issues (1 medium, 1 low)
Medium
Silent data loss when token creation response omits the full token value - `src/types/sentry.ts:1320-1321`
If the API response to token creation omits the `token` field, Zod validation still passes (field is `optional()`), `formatTokenCreated` silently skips printing the value, and the user sees a success message with no token — permanently losing access to it since the value is never retrievable again. Throw an error instead of silently omitting it.
Also found at:
`src/commands/token/create.ts:31-36`
`src/lib/api-client.ts:179`
Low
Token name with terminal escape sequences rendered unsanitized in delete confirmation prompt - `src/commands/token/delete.ts:150-154`
In `sentry token delete`, the `token.name` value returned from the org auth-token API is embedded directly into the `confirmByTyping` prompt string without stripping control/ANSI escape sequences. An org member with token-creation access can name a token with embedded escape sequences (e.g. `\r\x1b[K`) so that when an admin runs the delete command, the rendered prompt text can be overwritten/spoofed, or — if the name contains non-typeable bytes — interactive confirmation can never match (`response.trim() === expected`), forcing the admin to fall back to `--yes`/`--force`. Impact is limited because the admin themselves initiates the deletion and can bypass the prompt non-interactively.
⏱ 8m 51s · 2.3M in / 85.6k out · $3.37
Annotations
Check warning on line 1321 in src/types/sentry.ts
sentry-warden / warden: find-bugs
Silent data loss when token creation response omits the full token value
If the API response to token creation omits the `token` field, Zod validation still passes (field is `optional()`), `formatTokenCreated` silently skips printing the value, and the user sees a success message with no token — permanently losing access to it since the value is never retrievable again. Throw an error instead of silently omitting it.
Check warning on line 36 in src/commands/token/create.ts
sentry-warden / warden: find-bugs
[Z46-4HA] Silent data loss when token creation response omits the full token value (additional location)
Check warning on line 179 in src/lib/api-client.ts
sentry-warden / warden: find-bugs
[Z46-4HA] Silent data loss when token creation response omits the full token value (additional location)