Missing User Warnings
Medium
- Confidence
- 89% confidence
- Finding
- The skill explicitly instructs sending prompts, image URLs, and possibly edited media to a third-party API using a bearer token, but it provides no user-facing consent, privacy warning, or data-handling caveat. This creates a real data-exposure risk because users may unknowingly transmit sensitive prompts, private images, or internal URLs to an external service.
