Context-Inappropriate Capability
Medium
- Confidence
- 91% confidence
- Finding
- The script collects an LLM API key and injects it into a third-party Docker container, which expands the skill's trust boundary beyond simple local memory storage. Even if this is functionally required for knowledge extraction, the setup does not clearly explain that the credential will be exposed to containerized code and may be used for external network calls.
