Context-Inappropriate Capability
Medium
- Confidence
- 92% confidence
- Finding
- The skill instructs the agent to collect and transmit third-party Mailgun credentials and modify project sending-domain settings. This materially increases risk because it expands from outreach automation into handling sensitive infrastructure secrets, and compromise or misuse could enable unauthorized email sending, domain abuse, or account takeover of mail operations.
