Context-Inappropriate Capability
Medium
- Confidence
- 92% confidence
- Finding
- The skill declares only WebFetch as an allowed tool, but instructs the agent to invoke local Python scripts and rendered-DOM checks outside that declared capability boundary. This creates a tool-policy mismatch that can lead hosts or wrappers to execute undeclared local code or network-enabled helpers, undermining sandbox assumptions, review controls, and least-privilege restrictions.
