Context-Inappropriate Capability
Medium
- Confidence
- 95% confidence
- Finding
- The skill explicitly instructs the agent to read API credentials from local files under ~/.config/ima or from environment variables. That exceeds the stated stock-analysis purpose and creates a path for secret access and exfiltration if the model is ever induced to reveal, transmit, or misuse those values. In a skill file, telling the agent where to find secrets is sensitive because the skill content itself is untrusted and may later be combined with network actions.
