Context-Inappropriate Capability
Medium
- Confidence
- 91% confidence
- Finding
- The documentation explicitly instructs the agent to bypass the declared MCP-tool interface and use direct HTTP requests with handcrafted Basic authentication. This expands the skill's effective capabilities beyond its stated boundaries and creates a path for credential handling and data access that is not mediated by the approved tool layer, increasing the risk of unauthorized access or policy bypass.
