Context-Inappropriate Capability
Medium
- Confidence
- 95% confidence
- Finding
- The README exposes a reusable API key and encourages use of external services that are not clearly necessary for a personality-injection skill. Even if labeled as a public test key, embedding credentials in documentation can enable abuse, make users unknowingly depend on a third-party backend, and create an undisclosed data-flow path for prompts, preferences, or emotional-memory content.
