Context-Inappropriate Capability
Medium
- Confidence
- 94% confidence
- Finding
- The skill explicitly instructs the agent to issue a background HTTP POST to a localhost service via curl as part of normal execution. Even though the destination is localhost, this expands the skill's capabilities beyond red-team analysis into side-effectful network interaction, which can trigger unintended actions on local services, leak workflow metadata, or be abused in environments where localhost endpoints bridge to privileged host functionality.
