Vague Triggers
Medium
- Confidence
- 84% confidence
- Finding
- The skill is marked user-invocable, but the manifest provides no concrete trigger phrases, guardrails, or invocation constraints. That increases the chance of accidental activation and unintended collection/transmission of user data to the external service, especially because the skill then encourages registration and authenticated API use.
