Missing User Warnings
Medium
- Confidence
- 92% confidence
- Finding
- The skill explicitly allows `clips` to be provided as local paths or URLs, but it does not warn users that remote URLs may be fetched and processed. In this context, that omission can lead to unintended network access, processing of untrusted remote media, and possible exposure to SSRF-like behavior or privacy/security surprises in agent environments that can reach internal resources.
