Missing User Warnings
Medium
- Confidence
- 96% confidence
- Finding
- The skill documents remote HTTP and SDK usage that sends user-supplied URLs, files, and possibly extracted document content to a third-party service, but it does not clearly warn users about that data egress. In an agent setting, this can cause operators to unintentionally transmit sensitive local files, internal URLs, or proprietary content outside their trust boundary.
