Missing User Warnings
Medium
- Confidence
- 97% confidence
- Finding
- The skill instructs agents to upload local PDFs to public storage so a third-party service can fetch them, but it does not warn about confidentiality, access control, retention, or whether the document contains sensitive data. This can lead to unintended public exposure of proprietary, personal, or regulated documents, especially because users may assume local files remain private during processing.
