Context-Inappropriate Capability
Medium
- Confidence
- 92% confidence
- Finding
- The prompt explicitly authorizes shell commands, local HTTP serving, Node-based pipeline execution, and GitHub API access. For a design/spec generation skill, this meaningfully expands capabilities beyond core rendering/spec tasks and can be abused to access repository contents, execute unintended commands, or operate on local files if an attacker steers the model via task input.
