Missing User Warnings
Medium
- Confidence
- 88% confidence
- Finding
- The documentation instructs users to provide publicly accessible image URLs to a third-party API but does not warn that doing so may expose sensitive images, metadata, or access patterns beyond the user's control. In the context of a prompt-generation skill, users may reasonably paste personal or proprietary image links without realizing they are being shared externally, creating a real privacy and data-handling risk.
