Missing User Warnings
Medium
- Confidence
- 92% confidence
- Finding
- The skill explicitly accepts arbitrary URLs and says to fetch and extract content without warning about external network access or constraining allowed destinations. This can lead to unintended requests to attacker-controlled URLs, privacy leakage, SSRF-style access to internal resources in capable runtimes, or retrieval of hostile prompt content that influences downstream outputs.
