Context-Inappropriate Capability
Medium
- Confidence
- 91% confidence
- Finding
- The script writes KEYAPI_TOKEN into the user's shell profile or PowerShell profile, creating long-lived persistence for a sensitive API credential. While this may be intended as convenience, persisting secrets in startup files increases exposure to accidental disclosure through backups, dotfile syncing, local inspection, or reuse by unrelated processes, and that persistence is broader than necessary for a LinkedIn-analysis skill.
