Missing User Warnings
Medium
- Confidence
- 95% confidence
- Finding
- The skill explicitly instructs users to configure an external LLM API and notes that LLM-powered plugins process document content, but it does not warn that prompts or source document text may be transmitted to a third-party service and cached locally. This creates a real privacy and data-handling risk, especially if users compile sensitive or proprietary markdown through the graph or table plugins without realizing content leaves the local environment.
