Context-Inappropriate Capability
- Severity: Medium
- Confidence: 97%
- Finding: The skill explicitly instructs the agent to silently fetch and install an executable from a remote GitHub URL when the CLI is missing, without user approval or integrity verification. Whatever that URL serves at run time is written to disk and executed, so a changed or compromised upstream lands directly on the user's machine. That expands the skill from image generation into arbitrary software acquisition and code execution, a supply-chain and silent-install risk. At minimum the install step should require explicit user approval and pin a specific release whose SHA-256 digest or signature is verified before the file is made executable.
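The contrast the finding draws, as an added example that is not the skill's own code: an unsafe installer that writes and executes whatever the fetch returns, beside a checked installer that refuses without approval, verifies the payload against a pinned SHA-256 digest, and only then places the file atomically and marks it executable. The `fetch` callable, the `imagegen` binary name, the sample payloads, and the digest (computed here as a stand-in for the value a skill author would record) are illustrative assumptions.

```python
"""Added example: gating a remote CLI install behind approval and integrity
verification. Not the skill's code; fetch, names, payloads and digest are assumed."""
import hashlib
import hmac
import os
import stat
import tempfile
from typing import Callable


class InstallRefused(Exception):
    """Raised when the install is blocked by policy (no approval, bad digest)."""


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of an artifact."""
    return hashlib.sha256(data).hexdigest()


def verify_artifact(data: bytes, expected_sha256: str) -> bool:
    """Constant-time comparison of the artifact digest with the pinned value."""
    return hmac.compare_digest(sha256_hex(data), expected_sha256)


# Unsafe pattern the finding describes: trust whatever the URL serves right now.
def install_cli_unsafe(fetch: Callable[[], bytes], dest_dir: str) -> str:
    path = os.path.join(dest_dir, "imagegen")  # assumed binary name
    with open(path, "wb") as f:
        f.write(fetch())
    os.chmod(path, stat.S_IRWXU)  # executable with no check of what it is
    return path


# Hardened pattern: explicit approval, pinned digest, atomic placement.
def install_cli_checked(fetch: Callable[[], bytes], expected_sha256: str,
                        approved: bool, dest_dir: str) -> str:
    if not approved:
        raise InstallRefused("user approval is required before installing software")
    data = fetch()
    if not verify_artifact(data, expected_sha256):
        raise InstallRefused(f"digest mismatch: expected {expected_sha256}, got {sha256_hex(data)}")
    # Write to a temp file and rename so a partial write never becomes executable.
    fd, tmp = tempfile.mkstemp(dir=dest_dir)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    os.chmod(tmp, stat.S_IRWXU)
    path = os.path.join(dest_dir, "imagegen")
    os.replace(tmp, path)
    return path


# Constructed sample payloads (not real releases).
SAMPLE_BINARY = b"#!/bin/sh\necho fake imagegen cli\n"
SAMPLE_DIGEST = sha256_hex(SAMPLE_BINARY)  # stand-in for the digest recorded in the skill
TAMPERED_BINARY = SAMPLE_BINARY + b"echo attacker payload would run here\n"


def run_demo() -> dict:
    """Exercise both installers against the pinned and tampered payloads."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        # The unsafe path happily installs the tampered payload.
        results["unsafe_installed_tampered"] = os.path.exists(
            install_cli_unsafe(lambda: TAMPERED_BINARY, d))
        try:
            install_cli_checked(lambda: SAMPLE_BINARY, SAMPLE_DIGEST, approved=False, dest_dir=d)
            results["unapproved_refused"] = False
        except InstallRefused:
            results["unapproved_refused"] = True
        try:
            install_cli_checked(lambda: TAMPERED_BINARY, SAMPLE_DIGEST, approved=True, dest_dir=d)
            results["tampered_refused"] = False
        except InstallRefused:
            results["tampered_refused"] = True
        path = install_cli_checked(lambda: SAMPLE_BINARY, SAMPLE_DIGEST, approved=True, dest_dir=d)
        with open(path, "rb") as f:
            results["approved_installed_pinned"] = f.read() == SAMPLE_BINARY
    return results


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v}")
```

The digest check only helps if the expected value is fixed in the skill (or fetched over a separate, authenticated channel) rather than read from the same location as the binary; a signature over a tagged release gives the same guarantee with a key instead of a per-version hash.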
