Context-Inappropriate Capability
Medium
- Confidence
- 95% confidence
- Finding
- The skill instructs the agent to modify the user's Claude Code MCP configuration by adding a Longbridge server, which exceeds the stated purpose of providing stock-analysis guidance. This expands the agent's operational scope into environment reconfiguration, creating risk of unauthorized tool enablement, unintended external connections, and user-environment changes without explicit, task-specific consent.
