Missing User Warnings
Medium
- Confidence
- 95% confidence
- Finding
- The skill is designed to transmit highly sensitive health data together with directly identifying information, including a full name, birth date, and INR result, over email, but it provides no privacy warning, consent language, or indication of security controls. In this context, omission of privacy safeguards is dangerous because users may unknowingly disclose protected medical information to third parties or to the wrong recipient, especially since the skill supports sending to a test address unrelated to care delivery.
