Context-Inappropriate Capability
High
- Confidence
- 99% confidence
- Finding
- The skill explicitly instructs operators to run FlyAI commands with `NODE_TLS_REJECT_UNAUTHORIZED=0`, which disables TLS certificate validation. This makes HTTPS connections vulnerable to man-in-the-middle interception or modification, especially dangerous here because the skill fetches external travel content and may process user itinerary and profile data.
