Missing User Warnings
Medium
- Confidence
- 89% confidence
- Finding
- The skill instructs users to upload local image files and send prompts to an external API using an API key, but it does not explicitly warn that user-provided images and metadata leave the local environment. In an agent setting, this can lead to unintentional disclosure of sensitive images, prompts, or identifiers to a third-party service without adequate user awareness or consent.
