Context-Inappropriate Capability
Medium
- Confidence
- 91% confidence
- Finding
- The skill explicitly authorizes shell-script execution for KB initialization and maintenance (`init-kb.sh`, later rebuild scripts) even though its primary role is advisory/knowledge management. That expands the skill from read/query behavior into code execution and filesystem mutation, which increases risk if paths, scripts, or workspace contents are attacker-controlled or unexpectedly modified.
