Missing User Warnings
Medium
- Confidence
- 89% confidence
- Finding
- The skill explicitly accepts photo inputs via URL, which implies the runtime may fetch remote resources over the network. Without warning users or constraining this behavior, the skill can enable unintended outbound requests, exposing IP/addressing metadata, leaking access patterns, and potentially creating SSRF-like risk if internal or sensitive URLs are supplied.
