Missing User Warnings
Medium
- Confidence
- 92% confidence
- Finding
- The documentation instructs users to send public video URLs and optional callback URLs to a third-party service, but it does not explicitly warn that this shares potentially sensitive media locations and webhook endpoints with an external provider. In a skill context, users may assume hosted URLs are routine inputs and overlook privacy, access-control, or metadata exposure risks, especially if URLs embed tokens or point to non-public infrastructure.
