For bugs with existing features

• Rule Id : SC2188
• My shellcheck version: 0.11.0
• The rule's wiki page does not already cover this (e.g. https://shellcheck.net/wiki/SC2086)
• I tried on https://www.shellcheck.net/ and verified that this is still a problem on the latest commit

Here's a snippet or screenshot that shows the problem:

#!/usr/bin/bash

token=foo

curl "https://example.com/api/profile" \
	-H @<(<<<"Authorization: Bearer $token")

Here's what shellcheck currently says:

$ shellcheck myscript
 
Line 6:
        -H @<(<<<"Authorization: Bearer $token")
              ^-- [SC2188](https://www.shellcheck.net/wiki/SC2188) (warning): This redirection doesn't have a command. Move to its command (or use 'true' as no-op).

Here's what I wanted or expected to see:

No error.

The purpose of using process substitution here is so that other unprivileged processes don't see the token when doing ps aux | grep curl.
Using true will consume stdin and would not pass it to curl.
I can silence it by adding a cat. like -H @<(cat <<<"Authorization: Bearer $token"). But the cat would be unnecessary.