Context-Inappropriate Capability
Medium
- Confidence: 98%
- Finding: The script accepts a user-controlled --build-cmd value and executes it with eval, which enables arbitrary shell command execution with the privileges and in the environment of whoever runs the skill. In an agent/automation context this is especially dangerous because the command can read local files, exfiltrate credentials, modify the workspace, or chain into further compromise.
