Missing User Warnings
Medium
- Confidence
- 96% confidence
- Finding
- The skill explicitly requires sending detailed Kubernetes security posture data to a third-party API, but it does not instruct the agent to obtain informed user consent or warn that cluster configuration details will leave the local environment. Security architecture details, control gaps, and provider/version metadata can materially aid an attacker if disclosed, especially for production clusters.
