Missing User Warnings
Medium
- Confidence
- 88% confidence
- Finding
- Documenting an `export_org_context` capability without prominent warnings or access-control guidance is risky because it implies bulk extraction of organizational knowledge, which may include confidential, regulated, or privileged information. In a compliance-focused skill, this context is especially sensitive and could enable large-scale data exposure if users over-trust the tool or configure it broadly.
