Missing User Warnings
Medium
- Confidence
- 88% confidence
- Finding
- The skill clearly instructs the agent to send user-provided stock questions and prompts to a third-party API using an API key, but it does not prominently warn that request contents will leave the local environment and be processed by SkillBoss. This creates a privacy and data-governance risk because users may unknowingly transmit sensitive portfolio, strategy, or personal financial context to an external service.
