Context-Inappropriate Capability
Medium
- Confidence
- 84% confidence
- Finding
- The script includes full remote repository URLs and the local repository path in the generated report, which can disclose sensitive internal infrastructure details, usernames, filesystem layout, or embedded credentials in poorly configured remotes. In agent contexts where the report may be shared externally or stored in logs/artifacts, this creates an avoidable information disclosure risk beyond basic commit summarization.
