Context-Inappropriate Capability
Medium
- Confidence
- 87% confidence
- Finding
- The skill executes multiple external binaries (pdftoppm, tesseract, soffice) and later launches a separate Python generator from a user-supplied --generator path. In an agent setting, this expands the trust boundary significantly: a caller can cause execution of unexpected local programs or malicious helper scripts, which is dangerous even though the purpose appears operational rather than overtly malicious.
