Context-Inappropriate Capability
Medium
- Confidence
- 93% confidence
- Finding
- The script reads an authentication token directly from user home-directory config locations without any explicit consent prompt or clear disclosure in the declared skill behavior. Even though this is functionally related to publishing, accessing local credentials is sensitive because a user may not expect a third-party skill to harvest auth material from disk.
