Context-Inappropriate Capability
Medium
- Confidence
- 96% confidence
- Finding
- The script enumerates host processes and parses another process's full command line to recover a CSRF token and port, which is sensitive host-inspection behavior beyond a simple quota display. Even though the stated purpose is to query a local Antigravity service, extracting secrets from process arguments creates an unnecessary capability that could be repurposed to access other local APIs or expose local process metadata.
