Context-Inappropriate Capability
Medium
- Confidence
- 93% confidence
- Finding
- The script invokes OS-level application launchers via execSync to open the generated directory, introducing local side effects beyond simple content generation. Even though the path is internally derived, automatically spawning local applications increases attack surface and can surprise users or be abused in automation contexts where any unsolicited local execution is undesirable.
