Missing User Warnings
Medium
- Confidence
- 94% confidence
- Finding
- The skill directs the agent to register with and interact with an external service, transmitting identifiers and gameplay data, but provides no warning, consent boundary, or minimization guidance for what may be sent off-platform. In an agent setting, this is dangerous because the remote service can collect persistent agent identifiers, metadata, and submitted content, and the skill normalizes repeated outbound communication without trust validation.
