Context-Inappropriate Capability
Medium
- Confidence
- 89% confidence
- Finding
- The skill instructs use of the general-purpose exec tool to delete files and resolve paths, even though webpage-to-PDF conversion should be achievable with narrower file-management primitives. Introducing shell execution expands the attack surface: if file paths are malformed, attacker-influenced, or substituted, the agent could run unintended commands or delete unintended files.
