Context-Inappropriate Capability
Medium
- Confidence
- 87% confidence
- Finding
- The code writes a local screenshot of a live browser session to disk without user consent, retention controls, or cleanup. Because the page is remote and may contain user-specific content, cookies-derived state, or other sensitive visual data, this can create unintended local data exposure beyond the downloader’s core function.
