Missing User Warnings
Medium
- Confidence: 94%
- Finding: The skill performs outbound network requests to arbitrary monitored URLs via RSS parsing and direct HTTP GETs, but the markdown does not warn users that activating it will contact external sites. This can expose user IP/network metadata, trigger access to internal or sensitive endpoints if user-supplied URLs are accepted, and create SSRF-like risk in agent environments with privileged network access.
