Are there any security concerns after making a ML skill public?

Note: The ML skill is made public and made accessible via an endpoint from outside of UiPath environment. Indicating that it can be called without the need to go through a Robot connected to the specific tenant.

Reason for public skill are,

1. To decouple Orchestrator dependency at Studio
2. To allow predictions outside of Studio also.

There is control of API key also, that needs to be used along with the public URL. API key is the added security for cloud, no one can access skills without that. Thus making a skill public does not compromise on the security, as access is still needed to the API key that is environment specific.

From dropdown it is possible to access the skill deployed on the tenant to which Robot is connected - this is private mode.

To decouple Orchestrator dependency at Studio, make the skill public and not worry about being connected to right tenant.