Context-Inappropriate Capability
Medium
- Confidence
- 89% confidence
- Finding
- This code reads repository content via GiteaClient (catalog.json and index.md) in addition to processing local files, expanding data access beyond the stated local-folder scope. That broadens the trust boundary and can expose unrelated repository content to downstream consumers without clear necessity, increasing the risk of unintended data disclosure and overcollection.
