Missing User Warnings
Medium
- Confidence
- 92% confidence
- Finding
- The README explicitly shows sensitive personal and health data being transformed and partially routed to a cloud provider, but it does not clearly warn users that de-identified or abstracted prompts may still carry privacy, regulatory, or re-identification risk. In a privacy-focused skill, this omission is especially dangerous because users may overtrust the system and send highly sensitive data under the assumption that cloud exposure is fully eliminated.
