Missing User Warnings
Medium
- Confidence
- 90% confidence
- Finding
- The skill persistently stores sensitive educational and potentially family-related data, including student identities, academic records, application status, recommendation details, and financial aid information, in a local JSON file without clearly warning users that this information will be retained. In the skill context, this increases privacy risk because users may disclose minors' data assuming the interaction is ephemeral, and the accumulated file becomes a concentrated source of sensitive personal information if accessed by other local processes or users.
