Context-Inappropriate Capability
Medium
- Confidence
- 79% confidence
- Finding
- The skill starts an unauthenticated HTTP server bound to 0.0.0.0 and exposes file-processing endpoints to the network. That materially expands the attack surface beyond pure local audio synthesis and allows any reachable client to invoke expensive processing and file-write operations.
