Context-Inappropriate Capability
Medium
- Confidence
- 90% confidence
- Finding
- The skill explicitly authorizes command-line API access using `curl` or `gh` and instructs the agent to automatically attach `GITHUB_TOKEN` if present. Even though the stated purpose is repository analysis, this expands the skill's capability to authenticated external requests and secret-bearing command execution, increasing the risk of token exposure, over-privileged API use, or unsafe request construction if repository/user input is incorporated into commands. The context slightly reduces risk because the skill also warns not to follow repository instructions, but the automatic use of credentials still makes this a real security concern.
