Missing User Warnings
Medium
- Confidence
- 87% confidence
- Finding
- The skill explicitly encourages connecting bank/card integrations and sending reports via Telegram/Discord, but it does not warn that sensitive financial transaction data may be transmitted to third parties. This creates a real privacy and data-exposure risk because users may enable integrations or alerts without understanding that expense details, merchants, amounts, and budget status could leave their primary system.
