Missing User Warnings
Medium
- Confidence
- 95% confidence
- Finding
- The skill explicitly sends user-provided screenshots or image URLs to an external service, but it does not warn users that screenshots may contain sensitive information such as credentials, personal data, financial details, or internal dashboards. This creates a real privacy and data-handling risk because agents or users may submit highly sensitive screen content without informed consent or minimization.
