Missing User Warnings
Medium
- Confidence
- 93% confidence
- Finding
- The skill exposes destructive actions such as deleteMessage, editMessage, pin/unpin, and privacy-impacting actions such as readMessages and memberInfo, but it does not warn the operator to verify authorization, confirm user intent, or limit use to appropriate channels and messages. In an agent setting, this increases the chance of unintended data access, message tampering, or destructive actions being performed on behalf of a user without adequate safeguards.
