Missing User Warnings
Medium
- Confidence
- 91% confidence
- Finding
- The skill explicitly instructs users to send POST requests and states that requests will be routed through a gateway and counted in console statistics, but it does not warn that request contents may be transmitted to and logged by an intermediary service. This creates a privacy and data-governance risk because users may submit sensitive business or personal data under the assumption they are communicating only with the target skill endpoint.
