They do leak memory sometimes. Cito frees variables, but not temporary values. It also has no chance of knowing whether a third-party function takes ownership of an object or not.
To be fair, the line between "Cito does not frees temporary values" and "the programmer screwed up by using wrong kind of references" is a little blurry. Most of my code in the issue above can be attributed to me writing dangerous code and getting shot in the foot, not Cito's issues.
However, I don't think a project may simultaneously have dangling references and claim to follow "Principle of least astonishment". Dangling references are unsurprising if you've been using C++ a lot, but I expect them to be very surprising to people coming from basically any garbage-collected language: Java/C#/Kotlin/JavaScript.
I do not expect anyone to code a C or C++ library with no awareness of memory errors. This isn't a safe language on top of C++. If you target C++, you need to know it.
On the other hand, if you only know "safe" languages and target "safe" languages, there will be no dangling references.
By POLA, Ć doesn't reinvent keywords (compare to Rust) and the translated code is meant to look "obvious" compared to what you wrote in Ć. It's not "knowledge of C# is sufficient to write code correct in eight other languages" (that would be quite astonishing actually).
The simplest example is string interpolation, I've just submitted an issue: https://github.com/pfusik/cito/issues/26