Context-Inappropriate Capability
Medium
- Confidence
- 97% confidence
- Finding
- The template tells operators to place peer auth tokens directly into TOOLS.md and then instructs the agent to use those tokens via the exec tool. That gives the agent durable access to bearer credentials for other servers, expanding its authority beyond simple message routing and creating a clear secret-exposure path if the model is prompted to reveal files, commands, or configuration.
