Missing User Warnings
Medium
- Confidence
- 92% confidence
- Finding
- The deployment notes describe the external image-generation API, bearer-token authentication, and internet requirement, but they do not clearly warn users that prompts and credentials will be transmitted off-host to a third-party service. This can cause users to unknowingly send sensitive prompts or operate the skill in environments where external data transfer is restricted, increasing privacy and compliance risk.
