Missing User Warnings
Medium
- Confidence: 89%
- Finding: This line performs a live API-backed query using locally stored OpenAI and Pinecone credentials, which can cause outbound network access and billable requests without clearly warning the user. In an agent-skill context, silent external calls are more dangerous because they may disclose metadata, trigger unintended third-party processing, or incur cost during what appears to be a simple health check.
