Context-Inappropriate Capability
Medium
- Confidence
- 77% confidence
- Finding
- The skill encourages use of API keys/environment variables for AI-based email extraction over highly sensitive mailbox content, but it does not clearly justify the data flow, define minimization boundaries, or warn that email contents may be transmitted to a third-party service. In an email-summary skill, this creates a real confidentiality risk because sensitive message data could be exposed beyond the local mailbox session.
