Missing User Warnings
Medium
- Confidence: 93%
- Finding: The skill instructs users to send prompts and media-generation requests, authenticated with an API key, to a third-party service but does not clearly warn that user inputs and associated metadata will leave the local environment. In an agent setting, prompts may contain sensitive user data, making this an information disclosure risk even if the integration is legitimate.
