Vague Triggers
Medium
- Confidence
- 93% confidence
- Finding
- The README says the skill 'activates automatically' for very broad classes of user requests like creating or editing images, but it does not define clear trigger boundaries or require explicit consent before invoking the external service. In agent environments, this can cause unintended activation and transmission of user prompts or attached images to a third-party API, increasing privacy and data handling risk.
