Missing User Warnings
Medium
- Confidence
- 93% confidence
- Finding
- The skill explicitly directs use of a third-party web API for processing user-provided source content, but gives no warning that blog posts, transcripts, drafts, or other potentially sensitive material will be transmitted off-platform. This creates a real data exposure and privacy risk, especially because the endpoint is an ngrok-hosted service, which suggests an ad hoc external tunnel rather than a clearly governed production API with documented retention, security, or compliance controls.
