Context-Inappropriate Capability
Low
- Confidence
- 94% confidence
- Finding
- The skill embeds the author's personal email address and phone number directly in the documentation, which unnecessarily exposes personal contact data to all users and downstream systems that ingest the skill. While this does not directly enable code execution, it creates privacy, spam, social-engineering, and data-handling risk unrelated to the skill's finance functionality.
