Missing User Warnings
High
- Confidence
- 96% confidence
- Finding
- The skill explicitly targets automation through a user's already logged-in browser and advertises HttpOnly cookie retrieval, but it does not present a prominent warning that this can expose authenticated sessions and sensitive credentials. In context, that omission is dangerous because the skill is designed to operate inside trusted local browser state, which materially increases the chance of unauthorized account access or data extraction.
