Context-Inappropriate Capability
Medium
- Confidence
- 95% confidence
- Finding
- This code aggregates X authentication cookies from three sensitive sources: environment variables, a local cookie file, and a live Chrome session via CDP. Even if intended to support authenticated access, this is still credential-access behavior that exceeds a simple content-conversion function and creates a strong risk of unauthorized session use, token leakage in logs, or reuse beyond the user's clear understanding.
