Missing User Warnings
Medium
- Confidence
- 94% confidence
- Finding
- The skill explicitly instructs the agent to always forward `channel_id`, `guild_id`, `user_id`, and optionally `message_id` to the external MCP tool, but provides no user-facing notice, consent flow, or minimization guidance. This creates a privacy and data-governance risk because identifiable metadata is transmitted to another service whenever the `ooo` prefix is used, and the relay-only design reduces opportunities for the agent to warn the user or redact unnecessary fields.
