Context-Inappropriate Capability
High
- Confidence
- 99% confidence
- Finding
- The skill file contains hardcoded PostgreSQL credentials and a specific internal host for a live-looking database target. This is highly dangerous because anyone with access to the skill can reuse those secrets to connect to the database, exfiltrate or modify data, and pivot into the internal network; the fact that this is a database-admin skill makes the exposed credentials especially powerful rather than contextualizing them away.
