Missing User Warnings
Medium
- Confidence
- 89% confidence
- Finding
- The documentation instructs users to send POST requests to an external endpoint and explicitly states that requests will be forwarded through a gateway and counted in console statistics, but it does not warn that submitted data may be transmitted, logged, metered, or exposed to third-party infrastructure. In a tool skill, this can lead users or downstream agents to send potentially sensitive prompts or personal travel data without informed consent or data-handling expectations.
