Context-Inappropriate Capability
Medium
- Confidence
- 90% confidence
- Finding
- The documented `!`command`` syntax explicitly enables execution of arbitrary local shell commands from custom slash command definitions. In a skill that also permits broad tool access and encourages automation, this creates a strong command-injection and unintended code-execution risk if users import or run untrusted command templates.
