Context-Inappropriate Capability
Medium
- Confidence: 96%
- Finding: The document explicitly instructs the agent to upload user-provided images and videos to unrelated third-party hosting services before sending them to OpenCreator. This creates an unnecessary external data transfer path for potentially sensitive user media, expands the trust boundary, and can expose private files to services with unknown retention, access controls, or reuse policies.
