Context-Inappropriate Capability
Medium
- Confidence
- 90% confidence
- Finding
- The skill extends beyond simple static artifact sharing by directing agents to create external accounts and persist long-lived API credentials on the user's machine. That increases the attack surface and creates an unnecessary identity/credential-management workflow for a task that could otherwise be a one-time upload flow, making misuse, silent account creation, and credential leakage more likely.
