Context-Inappropriate Capability
Medium
- Confidence
- 92% confidence
- Finding
- The manifest requests shell access for a skill described as performing ecommerce image editing tasks, but the manifest provides no clear operational need for arbitrary command execution. Shell capability materially expands the attack surface because any prompt-injection, compromised workflow, or unsafe downstream instruction could turn this permission into filesystem access, tool abuse, credential exposure, or execution of system commands unrelated to image processing.
