Missing User Warnings
Medium
- Confidence
- 95% confidence
- Finding
- The skill explicitly states that new attack patterns are "hashed and submitted to the network," but the description does not clearly warn users that using the protection feature triggers outbound reporting to a remote service. Even if only hashes are sent, this is still network exfiltration of derived prompt data and may leak sensitive, linkable, or policy-relevant information in environments that require strict local-only processing.
