Missing User Warnings
Medium
- Confidence: 93%
- Finding: The skill explicitly supports summarizing URLs, local files, PDFs, images, audio, and YouTube content using external model providers, but it does not warn users that submitted content may be transmitted to third-party APIs. This creates a real privacy and data-handling risk because users may unknowingly send sensitive local files or private URLs to external services such as OpenAI, Anthropic, xAI, Google, Firecrawl, or Apify.
