Context-Inappropriate Capability
High
- Confidence
- 99% confidence
- Finding
- The skill explicitly instructs users to paste the full OAuth credentials.json into chat so the AI assistant can install it on the server. This creates a direct secret-exfiltration path through natural language, exposing access_token and refresh_token to the model, chat logs, operators, and any downstream integrations that retain conversation content.
