Missing User Warnings
Medium
- Confidence
- 88% confidence
- Finding
- The skill is explicitly designed to create payment links and manage webhooks, which can involve collecting customer emails, redirect URLs, metadata, product details, and webhook payloads. Although it includes some generic security rules, it does not clearly warn users that data may be transmitted to external payment or webhook endpoints, nor does it describe privacy handling, retention, or third-party sharing, which can lead to unintentional exposure of personal or transactional data.
