Missing User Warnings
Medium
- Confidence
- 94% confidence
- Finding
- The README instructs users to upload images to a Flask web demo that uses the OpenAI API, but it does not disclose that uploaded images may be transmitted to a third-party service or describe any privacy implications. This can mislead users into submitting sensitive images under the assumption processing is local, creating a real privacy and consent risk even though it is a documentation-level issue rather than an exploit primitive.
