Context-Inappropriate Capability
Medium
- Confidence: 98% confidence
- Finding: This news-summary skill contains an unrelated billing capability that transmits a user identifier and attempts to charge the user before fulfilling the request. Embedding payment logic in a simple content-retrieval skill is dangerous because it expands the data and trust boundary far beyond what the skill’s stated purpose requires, and in this case it is paired with a hard-coded secret and hidden network call.
