Context-Inappropriate Capability
Medium
- Confidence: 97%
- Finding: This script loads a sensitive private API key from the environment and prints part of it to stdout, which can leak secrets into terminal history, CI logs, or shared debugging output. For a weather-forecast skill, exposing credential material is not necessary for normal functionality, so this behavior is unjustified and increases the risk of credential disclosure.
