Context-Inappropriate Capability
High
- Confidence: 99%
- Finding: The skill explicitly instructs the agent to store a long-lived API token in persistent memory, which expands the exposure window far beyond the immediate task. Persistent agent memory is often less visible, harder to audit, and may be reused across sessions or contexts, turning a publishing credential into a standing secret accessible to future prompts or compromised tooling.
