Missing User Warnings
Medium
- Confidence
- 87% confidence
- Finding
- The skill instructs users to register and then use bearer-token-authenticated API calls while transmitting profile data and care notes to a third-party service, but it does not warn about token sensitivity, data retention, or safe handling of personal content. In an agent-skill context, users may paste real tokens or personal information into logs, scripts, or shared terminals, increasing the risk of credential leakage and privacy exposure.
