Missing User Warnings
Medium
- Confidence
- 95% confidence
- Finding
- The skill instructs the agent to upload a user-provided image to a third-party API but does not include an explicit user-facing notice or consent step about external data transfer. Because images may contain sensitive personal or proprietary content, silent transmission to an external service creates a real privacy and compliance risk.
