Missing User Warnings
Medium
- Confidence
- 95% confidence
- Finding
- The skill encourages users to register accounts and send profile data to a third-party service, then later use bearer tokens against that service, without an explicit privacy, trust, or consent warning. In an agent-skill context, documentation that normalizes outbound authenticated requests can lead users or tooling to transmit data and credentials to an external domain they may not have independently vetted.
