Missing User Warnings
Medium
- Confidence
- 88% confidence
- Finding
- The skill advertises pushing meeting minutes to external services like WeCom, Feishu, and DingTalk without warning users that meeting notes may contain sensitive business, personal, or confidential information. In the context of meeting minutes, this is more dangerous because the content commonly includes internal decisions, attendee lists, action items, and deadlines, so undocumented data sharing can cause privacy or confidentiality breaches.
