Missing User Warnings
Medium
- Confidence
- 93% confidence
- Finding
- The skill instructs the agent to poll an external service for authentication state and then store and use a returned access_key, but it provides no user-facing consent language, credential handling boundaries, retention limits, or transport/security assurances. In an agent context, this creates real risk of credential misuse, silent third-party token handling, and unintended transmission of sensitive account-linked data to an external service.
