Missing User Warnings
Medium
- Confidence
- 94% confidence
- Finding
- The skill is explicitly designed to send agent-generated questions and later retrieve human answers from a third-party service, but it provides no meaningful privacy warning, data-classification guidance, or restriction against sending secrets, source code, credentials, or regulated data. In an agent context, this is dangerous because blocked tasks often involve sensitive internal context, so users may unknowingly exfiltrate proprietary or confidential information to an external platform.
