Missing User Warnings
Low
- Confidence
- 90% confidence
- Finding
- The README embeds remote images from raw.githubusercontent.com for payment QR codes. When a user views the document in a renderer that fetches remote assets, their client may automatically make network requests to a third-party server, disclosing metadata such as IP address, user agent, access time, and possibly repository/referrer context without explicit notice. In skill ecosystems that emphasize local/offline artifacts, this is a real but low-severity privacy issue rather than code execution.
