Missing User Warnings
Medium
- Confidence
- 94% confidence
- Finding
- The code sends raw clinical question content directly to a remote API via `call_llm(...)` without any built-in consent flow, warning, redaction, or safeguard indicating that potentially sensitive medical data may leave the local environment. In a medical-diagnosis skill, prompts can easily contain protected health information or other highly sensitive patient details, so silent transmission materially increases confidentiality and compliance risk.
