Missing User Warnings
Medium
- Confidence
- 93% confidence
- Finding
- The skill instructs agents to send arbitrary diagram source code and an API key to a third-party remote service, but it provides no explicit warning about confidentiality, retention, logging, or data handling. In agent workflows, users may unknowingly submit sensitive architecture, research, or internal system diagrams to an external provider, creating a real data exposure risk.
