Context-Inappropriate Capability
Medium
- Confidence
- 95% confidence
- Finding
- The skill performs remote code execution by piping a downloaded Homebrew installer script directly into bash. That expands the skill from Java version switching into arbitrary software bootstrap and executes network-fetched code without integrity verification or an explicit approval checkpoint, which is dangerous if the URL, transport, or upstream content is compromised.
