Missing User Warnings
Medium
- Confidence
- 89% confidence
- Finding
- The skill documents configuring an outbound webhook to an external SMTP relay and publishing email payloads containing recipient addresses and message bodies, but it provides no warning that this transmits potentially sensitive content and metadata to third-party services. In an agent context, this can lead to unintentional exfiltration of private data, secrets, or operational information if users treat the examples as safe defaults.
