Context-Inappropriate Capability
Medium
- Confidence
- 82% confidence
- Finding
- The skill exposes remote download and arbitrary local file write behavior through output_path, which exceeds its stated query-oriented role and can be abused by upstream callers to overwrite files or persist untrusted content. In an agent setting, hidden side effects like local writes are more dangerous because higher-level orchestration may invoke this capability without treating it as a file-writing operation.
