Context-Inappropriate Capability
Medium
- Confidence
- 96% confidence
- Finding
- The skill embeds a default third-party account identity (`openpatsnap@gmail.com`) for publishing actions. In a skill that automates external submissions, hard-coding an identity can cause the agent to act under the wrong account, disclose organizational affiliation, or submit listings without the current user's explicit authorization.
