Context-Inappropriate Capability
Medium
- Confidence
- 95% confidence
- Finding
- The skill explicitly instructs the agent to send a POST request that creates or modifies remote guardrail configurations, which is a state-changing administrative action rather than a read-only verification function. Without an explicit confirmation step, authorization check, and clear notice that production policy will be changed, a user could trigger unintended live security-policy changes on an organization’s agents.
