Missing User Warnings
Medium
- Confidence: 88%
- Finding: The skill explicitly says it generates PR descriptions from git diff and commit history, but it provides no warning that those inputs may contain sensitive source code, secrets, internal URLs, or personal metadata. In an agent context, this omission can cause users to submit repository data to downstream tooling or models without realizing the privacy and confidentiality implications.
