Missing User Warnings
Medium
- Confidence
- 95% confidence
- Finding
- The skill explicitly directs the agent to read and create persistent memory files and initialize activity-tracking databases, but it does not require user consent, disclosure, retention limits, or guidance on handling sensitive data. In an agent framework context, this can lead to unexpected long-term storage of user prompts, secrets, behavioral data, or workspace contents, creating privacy, compliance, and data minimization risks.
