Context-Inappropriate Capability
Medium
- Confidence
- 94% confidence
- Finding
- The skill intentionally supports absolute local file paths for workflow asset fields and, when the bridge is non-loopback, base64-uploads those files to the configured bridge. Although extensions are restricted, this still creates a local file exfiltration primitive to any remote bridge URL in config, which is broader than the stated desktop-app/loopback usage and could expose sensitive local media or documents if an agent is induced to reference them.
