Context-Inappropriate Capability
Low
- Confidence
- 72% confidence
- Finding
- The history command exposes operational logs keyed only by an optional channel string, with no authorization or ownership check shown in this script. If multiple users or tenants share the environment, a caller may be able to enumerate or retrieve prior task metadata, result URLs, local file paths, and task IDs, causing cross-session information disclosure.
