Context-Inappropriate Capability
Medium
- Confidence
- 96% confidence
- Finding
- The skill directs the agent to run `git pull`/`git clone` against an external repository during normal execution, which expands behavior from portfolio analysis into unbounded network and code/content retrieval. Even if the repo is intended only as data, fetching remote content at runtime introduces supply-chain risk, prompt injection through repository files, and unauthorized network side effects not clearly constrained by the skill scope.
