Missing User Warnings
Medium
- Confidence
- 82% confidence
- Finding
- The skill explicitly supports sending analytics events, linking anonymous IDs to user IDs, bulk uploads, and GDPR erasure requests, but it does not instruct the agent to obtain user confirmation or warn about privacy and irreversible data-impact implications before acting. In an agent context, this can lead to unauthorized transmission of personal data or unintended deletion requests to an external service.
