Context-Inappropriate Capability
Medium
- Confidence
- 94% confidence
- Finding
- The skill metadata declares a required STRIPE_API_KEY credential even though the file is a non-executable markdown guide and the introduction says no API key is required to get started. Requiring a real payment credential for static educational content can cause unnecessary exposure of sensitive secrets to the hosting platform or any future tooling that reads skill environment variables.
