Context-Inappropriate Capability
Medium
- Confidence
- 98% confidence
- Finding
- The skill explicitly tells users to obtain Untappd mobile app client credentials by intercepting the app's traffic, which encourages reverse-engineering and extraction of secrets not intended for end users. That exposes users to policy/legal risk and normalizes misuse of third-party credentials to access private or unsupported APIs, making the skill materially more dangerous than a standard beer-search integration.
