Missing User Warnings
Medium
- Confidence
- 89% confidence
- Finding
- The skill instructs forwarding merchant emails from connected Gmail accounts to an external recipient, receipts@mercury.com, without an explicit warning that email contents and attachments may leave the user's mailbox and be disclosed to a third party. Because receipts can contain personal, financial, and transactional data, users may trigger data exfiltration without fully informed consent.
