Missing User Warnings
Medium
- Confidence
- 95% confidence
- Finding
- The skill explicitly instructs agents to extract and persist user-related information such as preferences, expertise, corrections, goals, deadlines, and external references into long-lived memory files, but provides no consent, minimization, retention, access control, or privacy safeguards. In practice, this can cause unnecessary storage of personal or sensitive conversational data across sessions, increasing the risk of privacy violations, over-collection, and unintended disclosure if those memory files are later reused or exposed.
