Context-Inappropriate Capability
Medium
- Confidence
- 94% confidence
- Finding
- The skill grants execute_command to a market-insight workflow that primarily needs search, retrieval, and structured analysis. Unnecessary shell execution expands the attack surface significantly: prompt-injected content, fetched web data, or ambiguous user requests could cause the agent to run local commands, access sensitive environment data, or chain into broader system compromise.
