Vague Triggers
Medium
- Confidence
- 91% confidence
- Finding
- The manifest description uses very broad activation criteria such as nearly any GitHub-related request, which can cause the skill to trigger in situations where the user did not intend to use an external GitHub-integrated capability. Because the skill supports remote API access and repository operations, overbroad triggering increases the chance of unnecessary tool invocation and unintended data exposure or side-effecting actions.
