Context-Inappropriate Capability
High
- Confidence
- 99% confidence
- Finding
- The skill embeds what appears to be a live Authorization credential and app identifier directly in documentation. Distributing usable secrets in a setup skill exposes the downstream MCP service to unauthorized use, credential reuse, abuse, and difficult-to-contain leakage via source control, logs, or model outputs.
