Context-Inappropriate Capability
Medium
- Confidence
- 83% confidence
- Finding
- The documented workflow expands the skill from vault access into browsing arbitrary external sources based on note contents, which creates an unnecessary capability boundary violation. If an attacker can influence the source note, they may induce the agent to visit untrusted URLs, causing data exfiltration, prompt injection exposure, or unreviewed network access outside the skill's stated purpose.
