Missing User Warnings
Medium
- Confidence
- 95% confidence
- Finding
- The skill instructs users or agents to send POST requests to an external endpoint and explicitly shows a JSON body containing user input, but it provides no warning that submitted data leaves the local environment. Even though the example uses httpbin.org and mentions a future gateway replacement, the documented behavior normalizes transmitting potentially sensitive prompts or user data to third-party infrastructure without consent or data-handling disclosure.
