Context-Inappropriate Capability
Medium
- Confidence
- 96% confidence
- Finding
- The engine explicitly instructs itself to scan other agents' session logs and write results to a shared location readable by all agents. That creates a direct cross-agent data exposure channel, allowing sensitive prompts, secrets, user data, or internal reasoning from one agent context to be propagated into another without consent or need-to-know boundaries.
