Missing User Warnings
Medium
- Confidence
- 89% confidence
- Finding
- The skill advertises file processing, notifications, custom webhooks, and API key usage without any safety constraints, privacy notice, or mention of permission checks. In an automation context, this can enable unintended handling of sensitive files, data exfiltration via webhooks/messages, or misuse of credentials because operators are not warned about system-impacting behavior.
