Missing User Warnings
Medium
- Confidence
- 91% confidence
- Finding
- The documentation clearly describes upstream provider routing and API-key-based cloud integrations, but it never explicitly warns that user prompts, conversation content, and related metadata will be sent to third-party model providers. In a router/proxy skill, this omission can cause users to unknowingly transmit sensitive data off-host, creating privacy, compliance, and confidentiality risks.
