Context-Inappropriate Capability
Medium
- Confidence
- 95% confidence
- Finding
- The skill instructs users to register an external webhook and provide a secret token so the third-party service can trigger the local agent gateway. That expands the trust boundary from simple chat polling into inbound remote execution/signaling against an agent endpoint, increasing exposure to SSRF-style misuse, spoofed event delivery if mishandled, and unintended wakeups or prompt injection through externally supplied message content.
