Context-Inappropriate Capability
Medium
- Confidence: 98%
- Finding: The skill instructs the agent to read and reuse a persisted App-Key from local storage across sessions, even though generating marketing content only requires the key for the current transaction. Persisting API credentials in a generic local file increases theft and unintended reuse risk, especially in shared hosts or multi-skill environments.
