Missing User Warnings
Medium
- Confidence
- 91% confidence
- Finding
- The skill explicitly instructs the agent to send file contents and code changes to an external service, but it does not provide a meaningful user-facing warning, consent gate, or data classification guidance before exfiltrating potentially sensitive repository content. Even if the service is the intended platform, transmitting source files to a third party creates confidentiality and compliance risk when repo contents may include proprietary code, embedded secrets, or sensitive business logic.
