Missing User Warnings
Medium
- Confidence
- 95% confidence
- Finding
- The skill provides example commands that send signed claims and transfer payloads to a remote MCP service, but it does not clearly warn users that these actions transmit data off-host and may create publicly visible records. Because the tool is specifically about identity, signatures, attestations, and one example explicitly uses `visibility: "public"`, users could unknowingly disclose sensitive operational context or permanently associate their identity with artifacts and statements.
