Missing User Warnings
Medium
- Confidence
- 91% confidence
- Finding
- The skill processes sensitive PDFs such as invoices, contracts, bank statements, licenses, and IDs, then sends extracted text to an external AI API for field extraction without a prominent user-facing warning. This creates a real privacy and compliance risk because users may unknowingly transmit personal, financial, or contractual data to third-party model providers.
