Context-Inappropriate Capability
Medium
- Confidence
- 88% confidence
- Finding
- The workflow includes publishing topology metadata to an external registry host, which expands the skill's behavior beyond local topology formation into outbound data disclosure. Even though the published data appears limited, it can expose swarm identifiers, hub addresses, and timing metadata to an external system without clear necessity or user warning, increasing information leakage and supply-chain trust risk.
