Context-Inappropriate Capability
Medium
- Confidence: 88%
- Finding: The embedded code performs outbound network requests to a configurable API endpoint and then fetches arbitrary audio URLs returned by that service, finally writing files to a user-specified path. In a skill whose stated role is composition assistance and prompt generation, this materially increases capability and creates risk of untrusted network access, server-side request abuse via malicious returned URLs, and unsafe file writes.
