Missing User Warnings
Medium
- Confidence
- 91% confidence
- Finding
- The Vaultline example uploads the contents of a local artifact to an external service using an API key, but the example itself does not prominently warn that the file may contain sensitive repository details, command output, paths, or other data that should not be transmitted by default. In a skill intended for agent workflows and handoffs, users may copy-paste this block as-is, which creates a realistic risk of unintended data exfiltration to a third party.
