Missing User Warnings
Medium
- Confidence
- 86% confidence
- Finding
- The script sends user-supplied address data to third-party geocoding services (OpenStreetMap Nominatim and Photon) without any explicit notice, consent flow, or minimization. If users provide home, work, or otherwise sensitive locations, this can expose personal data to external services and create privacy/compliance risk, especially because the skill context is location-based and naturally encourages disclosure of precise places.
