Missing User Warnings
Medium
- Confidence
- 92% confidence
- Finding
- The skill explicitly fetches arbitrary URLs using a browser with stealth/anti-bot capabilities, but the documentation does not warn users that requesting third-party URLs transmits network metadata and may expose internal access patterns, credentials in URLs, or sensitive browsing targets. In this context, the omission is more dangerous because the skill is designed to access remote sites and bypass basic anti-scraping controls, increasing the chance that users invoke it on sensitive or policy-restricted destinations without understanding the privacy and compliance implications.
