Context-Inappropriate Capability
Medium
- Confidence
- 94% confidence
- Finding
- The skill instructs use of an owner-only authenticated API without manifest disclosure, clear access control handling, or user-scoped consent. This can lead to unauthorized use of privileged credentials or silent transmission of user research topics to a private third-party service outside the user's expectations.
