Context-Inappropriate Capability
High
- Confidence
- 99% confidence
- Finding
- The script hardcodes live JQData credentials directly in source code via jq.auth('13918681158', 'Yindb1158'). Embedded credentials are easily exposed through source control, logs, packaging, or downstream redistribution of the skill, enabling unauthorized access to the third-party account and any associated paid data entitlements.
