Context-Inappropriate Capability
Medium
- Confidence
- 98% confidence
- Finding
- The debug helper writes full authenticated HTML responses and session cookies to predictable local files, including /tmp paths used during login and schedule fetches. Those artifacts can expose account data and reusable session tokens to other local users, backups, crash collectors, or later malware, which exceeds the tool's stated purpose of fetching schedules.
