Vague Triggers
Medium
- Confidence
- 93% confidence
- Finding
- The skill’s invocation text explicitly encourages use for 'any Canvas LMS deployment behind an institutional SSO,' even though the flow is tailored to a specific CAS/SAML + RSA-password-login pattern. Overly broad triggers can cause an agent to apply credential-replay automation in environments it was not validated for, increasing the chance of mishandling credentials, breaking authentication flows, or performing unauthorized login/token operations against third-party institutional systems.
