Vague Triggers
Medium
- Confidence
- 88% confidence
- Finding
- The activation guidance is broad enough to trigger on common requests like "generate screenshots" or "ship a new app," which can cause the skill to run in situations where the user did not explicitly consent to external processing. In this skill, that is more dangerous because subsequent steps instruct the agent to inspect the local codebase and send derived project context to a third-party API.
