Description-Behavior Mismatch
Medium
- Confidence
- 91% confidence
- Finding
- The skill advertises a 'zero exposure key' rule, yet later instructs operators to configure long-lived AWS access keys via environment variables or aws configure. While standard for AWS CLI setup, this contradicts the stated security posture and increases the chance that an agent with exec/read access may encounter, misuse, or expose credentials from shell history, environment inspection, or local config files.
