Context-Inappropriate Capability
Medium
- Confidence
- 95% confidence
- Finding
- The skill requires reading a hard-coded file from a local Obsidian vault before doing its stated job, which expands access beyond what is necessary to generate a report. This creates an unnecessary data exposure path and can cause the agent to ingest unrelated sensitive local content from a user-specific filesystem location.
