Missing User Warnings
Medium
- Confidence
- 95% confidence
- Finding
- The skill explicitly requires provider credentials to be sent to an external scanning service, but it does not warn users that highly sensitive cloud authentication material will leave their environment. In the context of a cloud security scanner, these credentials may grant broad read access and sometimes privileged API scope, so undisclosed transmission materially increases the risk of account compromise, unauthorized inventory access, and downstream abuse if the service is breached or misused.
