Scope Creep
Medium
- Confidence
- 93% confidence
- Finding
- The CLI allows credentials to be supplied via --appid and --secret, which expands the skill's credential intake beyond the declared sources of workspace files and environment variables. In an agent setting, this can cause sensitive secrets to be pulled from user prompts, command history, logs, or orchestrator traces, increasing credential exposure risk.
