Context-Inappropriate Capability
Medium
- Confidence
- 91% confidence
- Finding
- The standalone-install fallback explicitly instructs the agent to fetch governing reference files from GitHub before scoring. That expands the skill's trust boundary from local, user-supplied artifacts to live remote content, creating a supply-chain and prompt-injection risk if the remote repository changes, is compromised, or returns unexpected content. In an auditor skill, this is especially sensitive because fetched instructions can influence verdicts and downstream writes.
