Missing User Warnings
Medium
- Confidence
- 97% confidence
- Finding
- The skill directly prints highly sensitive personal and transaction data, including full name, home address, phone number, approval ID, purchase details, and payment information, without any access control, masking, minimization, or privacy notice. In an agent or shared execution context, this creates a clear risk of unauthorized disclosure, social engineering, fraud, and privacy-law noncompliance.
