Context-Inappropriate Capability
Medium
- Confidence
- 91% confidence
- Finding
- The skill instructs operators to retrieve a Notion credential directly from 1Password even though the manifest only declares an environment variable requirement. This expands the trust boundary, encourages secret access beyond the declared interface, and can normalize unnecessary credential exposure or secret exfiltration patterns in agent workflows.
