Context-Inappropriate Capability
Medium
- Confidence
- 91% confidence
- Finding
- The prompt explicitly instructs the agent to read local files containing the user's stock pool and position data, which are sensitive portfolio artifacts. Even though the skill is about stock monitoring, accessing arbitrary local files extends the skill into handling private financial data and creates an unnecessary data-exposure surface if the access is not clearly declared, consented to, and constrained.
