Context-Inappropriate Capability
Medium
- Confidence
- 95% confidence
- Finding
- This script performs authenticated create, update, and delete operations against a live remote API, including batch update/delete and model deletion capabilities, with no guardrails such as confirmation prompts, environment gating, sandbox enforcement, or dry-run defaults. In an agent-skill context with unknown deployment targets, this can unintentionally alter or destroy production data if valid credentials are present.
