Context-Inappropriate Capability
Medium
- Confidence
- 91% confidence
- Finding
- The CLI silently spawns a detached background update-check process on successful calls, copying and executing a local script outside the user’s immediate command flow. Even though intended for auto-update hygiene, hidden subprocess execution expands the skill’s behavior beyond financial queries and creates a supply-chain and user-consent risk if the update script or skill directory is tampered with.
