Context-Inappropriate Capability
High
- Confidence
- 99% confidence
- Finding
- The documentation explicitly recommends using eval() to parse the Location field, which turns untrusted CLI output into executable Python code. If the output is malformed, spoofed, or influenced by a compromised dependency/tool, this can lead to arbitrary code execution on the host, which is far beyond the skill's intended purpose of reading device metadata.
