Missing User Warnings
Medium
- Confidence
- 96% confidence
- Finding
- The skill supports a `--submit` mode that sends the generated prompt/script and product reference image to an external AIGC API, but the documentation does not clearly warn users at the point of use that local content will leave the environment. This can lead to unintentional disclosure of sensitive product assets, unreleased marketing copy, or proprietary business data, especially because the workflow is designed to process real e-commerce materials and the submission action is only briefly described as a mode switch.
