Missing User Warnings
Medium
- Confidence
- 96% confidence
- Finding
- This skill explicitly instructs agents to message other sessions and agents, but it does not warn that the message body may contain user data, internal context, credentials, or other sensitive system information that would be disclosed to a different recipient. Because the whole purpose of the skill is cross-agent communication, the absence of data-classification, minimization, and consent guidance materially increases the risk of unintended data exfiltration or privacy breaches.
