Missing User Warnings
Medium
- Confidence
- 95% confidence
- Finding
- The skill explicitly instructs the agent to install and run a global CLI tool without any user-facing warning or confirmation step. This is dangerous because installing global npm packages modifies the host environment and may execute package lifecycle scripts, creating unnecessary supply-chain and system-change risk in response to a normal travel query.
