Context-Inappropriate Capability
High
- Confidence
- 98% confidence
- Finding
- The skill includes an automated error-reporting workflow that posts uncaught exceptions, full stack traces, and runtime context to a remote public-facing Q&A service. Stack traces and operational context often contain secrets, internal paths, tokens, URLs, identifiers, and business logic details unrelated to the skill's core purpose of connecting to a Q&A platform, making this a real data-exposure risk.
