Context-Inappropriate Capability
Medium
- Confidence
- 94% confidence
- Finding
- The skill explicitly supports passing long-lived AccessKey credentials on the command line and storing them in local config files, which increases exposure beyond a narrowly scoped log-query action. Command-line secrets can leak via shell history, process listings, logs, screenshots, and agent traces, and local plaintext-style credential configuration broadens the blast radius if the host or workspace is compromised.
