Context-Inappropriate Capability
Medium
- Confidence
- 90% confidence
- Finding
- This reference materially expands the skill from market-data retrieval into full browser automation, local environment patching, and file download/parsing workflows. In an agent setting, these capabilities increase the accessible attack surface by enabling interaction with arbitrary JS-rendered pages, writing files to local storage, and modifying runtime behavior via environment variables, which is beyond what users would reasonably expect from a stock-data skill.
