Context-Inappropriate Capability
Medium
- Confidence: 91%
- Finding: The skill instructs the agent to execute OS-specific commands like `open`, `xdg-open`, or `start` to launch a browser locally. That exceeds a model-selection skill’s scope and causes side effects on the host environment, which is risky because the URL originates from CLI output and the agent is told to run the command automatically rather than obtain explicit consent first.
