Context-Inappropriate Capability
Medium
- Confidence
- 87% confidence
- Finding
- The documentation tells the agent to send a banking authorization URL via WhatsApp or email, which extends the skill into outbound messaging of highly sensitive authentication material. In the PSD2 banking context, this is especially risky because authorization links may be intercepted, misdirected, or sent to the wrong recipient, enabling account-linking abuse or disclosure of sensitive banking workflow metadata.
