Context-Inappropriate Capability
Medium
- Confidence
- 97% confidence
- Finding
- The skill explicitly instructs operators to extract raw Twitter/X session cookies (`auth_token`, `ct0`) from the browser and pass them on the command line. Session cookies are high-value secrets that can enable account access and are exposed to shell history, process listings, logs, and accidental disclosure, making credential compromise more likely.
