Context-Inappropriate Capability
Medium
- Confidence
- 93% confidence
- Finding
- The README explicitly instructs users to capture a live authentication token using an HTTPS interception proxy, which normalizes credential/session interception as part of setup. Even if intended for the user's own account, this expands the skill's operational scope beyond ordinary calendar management and encourages handling highly sensitive auth material in a way that can expose accounts if proxy configuration, logs, or captured traffic are mishandled.
