Context-Inappropriate Capability
Medium
- Confidence
- 85% confidence
- Finding
- The documented JavaScript backend extends the skill from GUI automation into browser/Electron DOM and runtime inspection, including access to page text, structured DOM queries, and some Electron process metadata. In an agent context, that broadens data-access capability beyond what a user may expect from a GUI-driving skill and can expose sensitive page contents or local runtime information if invoked on the wrong target.
