Missing User Warnings
Medium
- Confidence
- 94% confidence
- Finding
- The skill instructs users to submit arbitrary search queries to Baidu's external API but does not clearly warn that those queries leave the local environment and are sent to a third party. This can expose sensitive prompts, internal project names, credentials pasted by mistake, or regulated data to an external service without informed user consent.
