Context-Inappropriate Capability
Medium
- Confidence
- 91% confidence
- Finding
- The MapRender section instructs the agent to invoke local OS commands (`open`, `xdg-open`, `start`) to launch a browser. That extends the skill from remote map queries into local command execution, which can create an unsafe execution path if a crafted or untrusted `resource_key` or URL is ever passed through, and it violates least-privilege expectations for a map lookup skill.
