Missing User Warnings
Medium
- Confidence
- 88% confidence
- Finding
- The skill documentation explicitly encourages sending assessment/profile data together with stable identifiers such as sessionId, timestamp, and userId, but provides no privacy notice, data minimization guidance, retention statement, or warning about handling potentially sensitive career/profile information. This creates a real privacy/security weakness because downstream integrators may transmit linkable personal data to a third-party API without informed consent, minimization, or safeguards.
