Context-Inappropriate Capability
Medium
- Confidence
- 95% confidence
- Finding
- The skill explicitly documents how to construct permanent, unauthenticated share links for meeting recordings/transcripts and even recommends them for sharing with external parties. Because the skill’s core purpose is accessing Fireflies data via API, adding guidance to bypass login-based access controls materially increases the chance of unauthorized disclosure of sensitive meeting content.
