Missing User Warnings
Medium
- Confidence
- 89% confidence
- Finding
- The script persistently stores arbitrary user input under ~/.local/share/fridge and later exposes it through search, recent, status, and export functions without any upfront disclosure, retention limit, or consent mechanism. In the context of a household inventory tool, users may enter shopping habits, schedules, costs, or other personal details, so silent long-term logging creates a real privacy risk if the local account, backups, or exported files are accessed by others.
