Context-Inappropriate Capability
Medium
- Confidence
- 97% confidence
- Finding
- The skill explicitly instructs the agent to perform `git commit + push`, which crosses from workflow guidance into external side-effect execution by modifying and transmitting repository state to a remote. In an agent context, `git push` can publish unreviewed code, secrets, or sensitive history without explicit per-task user authorization, making this materially risky.
