Missing User Warnings
Medium
- Confidence
- 79% confidence
- Finding
- User-supplied queries are sent directly to external Naver endpoints for autocomplete and quote retrieval, which can disclose potentially sensitive investment interests or identifiers to a third party without any in-file notice or consent flow. While this is expected for a network-backed finance skill, the privacy risk is real because arbitrary user input is propagated off-box and logged/processed by the remote service.
