Context-Inappropriate Capability
High
- Confidence
- 97% confidence
- Finding
- The analyzer sends the full supplied source code and optional context to an external chat-completions API, which can expose proprietary code, secrets, credentials, or personal data embedded in the analyzed file. Because the transfer happens automatically and the endpoint is configurable, users may unintentionally exfiltrate sensitive content to a remote service or attacker-controlled endpoint.
