Missing User Warnings
Medium
- Confidence
- 96% confidence
- Finding
- The skill explicitly documents unauthenticated write access to a local memory service and provides a ready-to-run example that persists data without warning about trust boundaries, persistence, or the risks of local cross-process abuse. 'Localhost' is not a meaningful security boundary on a shared host or against other local software, so this can enable unauthorized memory poisoning, persistence abuse, or leakage of sensitive workflow context if operators assume the interface is inherently safe.
