Missing User Warnings
Medium
- Confidence
- 88% confidence
- Finding
- The README explicitly recommends sending workflow health data, workflow names, error messages, and failed node details to Telegram, but does not warn that these fields can contain sensitive operational data such as internal system names, URLs, identifiers, stack traces, or business context. In this skill's context, the monitored data comes from workflow executions and debug output, which often includes secrets-adjacent metadata and incident details, so forwarding it to a third-party messaging channel increases the risk of unintended disclosure.
