Context-Inappropriate Capability
Medium
- Confidence
- 95% confidence
- Finding
- The skill explicitly instructs the agent to leave the MCP tool boundary and run a local `curl` command that reads a local file path and transmits its contents to a URL returned at runtime. That expands capability from controlled API calls to shell and filesystem access, which is dangerous because a compromised or unexpected `upload_url` could cause exfiltration of arbitrary local files or normalize unsafe command execution patterns.
