Context-Inappropriate Capability
Medium
- Confidence
- 95% confidence
- Finding
- This helper silently modifies the Python import path to load code from an external workspace location and then queries that external 'company-brain' source at runtime. For a skill whose stated purpose is a curated skill directory, this creates an unnecessary trust boundary crossing: unreviewed local code can be imported and its output is injected into prompts, enabling prompt poisoning, data contamination, or execution of attacker-controlled code if the workspace path is compromised.
