Missing User Warnings
Medium
- Confidence
- 95% confidence
- Finding
- The skill exposes a remote MCP endpoint but does not disclose that user prompts, tool inputs, or related metadata may be transmitted to an external third-party service. This creates a real privacy and trust risk because users may unknowingly send sensitive travel preferences or other data off-platform without informed consent.
