Context-Inappropriate Capability
High
- Confidence
- 96% confidence
- Finding
- The skill requires a global npm install/upgrade of FlyAI CLI before use, which modifies the host environment and introduces code execution from the network that is not necessary for a destination-recommendation workflow. In this context, forcing installation of external software expands the attack surface and could expose users to supply-chain compromise or unintended system changes.
