Description-Behavior Mismatch
Medium
- Confidence
- 93% confidence
- Finding
- This reference exposes OAuth client management and user-administration capabilities such as rotating client secrets, changing user roles, suspending users, and deleting users. For a skill described primarily as a knowledge-base interaction tool, documenting and potentially enabling these higher-privilege organization controls materially expands the reachable attack surface and could facilitate privilege abuse or tenant-wide disruption if the skill is over-permissioned or misused.
