Missing User Warnings
Medium
- Confidence
- 94% confidence
- Finding
- The skill explicitly sends a product URL/name and an API key to a third-party remote service, but the documentation does not clearly warn users that their inputs may be disclosed to and processed by an external provider. This creates a real privacy and data-governance risk, especially if users submit confidential product information, internal URLs, or sensitive campaign data under the assumption the skill is local-only.
