Missing User Warnings
Medium
- Confidence: 96%
- Finding: This code sends raw user-provided medical questions to a third-party remote API, and the surrounding interface does not provide any explicit user-facing disclosure, consent flow, redaction step, or data-classification guard. In a medical-content skill, prompts may contain protected health information, case details, or sensitive clinical context, so silent transmission materially increases privacy, compliance, and data-handling risk.
