Context-Inappropriate Capability
Medium
- Confidence
- 90% confidence
- Finding
- The document explicitly instructs the parent agent to pass a PRUNA_API_KEY note to subagents, which expands credential exposure beyond the minimum necessary scope. In an agentic environment, subagents may have broader logging, prompt-injection, or output leakage risks, so propagating a reusable API credential materially increases the blast radius if any lane is compromised.
