Missing User Warnings
Medium
- Confidence
- 95% confidence
- Finding
- The code sends the patient's 既往史/record content to an external LLM endpoint over the network, but there is no explicit consent, disclosure, de-identification, or policy enforcement in the skill itself. In a medical EMR quality-control context, this can expose sensitive health information to a third-party processor and may violate privacy, data residency, or compliance requirements even if the transport is HTTPS.
