Missing User Warnings
Medium
- Confidence
- 96% confidence
- Finding
- The skill advertises automation that performs external actions on GitHub and social platforms, including starring repositories, posting comments, reviewing or updating trackers, and social publishing, but it does not prominently warn users that these actions may occur automatically under scheduled execution. This creates a real risk of unintended account activity, spammy behavior, policy violations, and reputational damage because users may install or trigger the skill without fully appreciating that it will act on their behalf against third-party services.
