Missing User Warnings
Medium
- Confidence
- 89% confidence
- Finding
- The skill encourages sending user-provided URLs, headers, cookies, and optional webhook settings to a third-party service without an explicit warning about external data transmission or sensitivity of those fields. This can cause unintended disclosure of session tokens, internal URLs, or callback endpoints, especially because the request schema explicitly allows forwarding cookies and custom headers.
