Context-Inappropriate Capability
Medium
- Confidence: 88%
- Finding: The API exposes retrieval of detailed logged-in employee identity and organizational metadata, including name, department, BU, admin flag, and related identifiers. In a browser/devtools skill, this expands access from debugging into unnecessary personal-data collection, increasing insider privacy risk and enabling profiling or targeted abuse if invoked without strict need and consent.
