Missing User Warnings
Medium
- Confidence
- 95% confidence
- Finding
- The skill explicitly routes email sending and receiving through a third-party hosted API but does not clearly warn users that message bodies, attachments, addresses, and related metadata will leave the local environment and be processed by that service. This can lead agents or operators to transmit sensitive content without informed consent, especially because the skill encourages use for sign-ups, 2FA codes, and third-party account workflows.
