Missing User Warnings
Medium
- Confidence
- 90% confidence
- Finding
- The skill explicitly instructs agents to transmit payment credentials and risk signals, which are highly sensitive data categories, but provides no guidance on minimization, consent, encryption, retention, redaction, or logging controls. In an agent-to-agent commerce context, this omission is dangerous because implementers may pass full payment data or behavioral risk metadata through messages, logs, or third-party transports without adequate safeguards.
