Missing User Warnings
Medium
- Confidence
- 94% confidence
- Finding
- The iframe example places `username`, `id`, and `context` directly in the URL query string, which can expose potentially sensitive user data through browser history, logs, analytics systems, referrer headers, and shared screenshots or copied links. In this skill's embedding context, developers are likely to copy the example verbatim into production integrations, increasing the chance of unnecessary disclosure of personal identifiers and conversational context.
