Missing User Warnings
Medium
- Confidence
- 95% confidence
- Finding
- The skill instructs the agent to transmit user-provided search terms to a third-party public API and to attach persistent tracking headers on every request, but the skill description does not warn users about this external disclosure. That creates a privacy and transparency issue: users may share sensitive funding interests, organization names, or project details without realizing they are being sent off-platform and correlated via invocation metadata.
