Context-Inappropriate Capability
Medium
- Confidence: 95%
- Finding: During the archiving workflow, this skill calls the external `/gen-image` capability and sends descriptions extracted from the global documentation and the domain documentation to generate images, even though its declared core purpose is only archiving and knowledge-base updates. This introduces an external capability call that is not directly necessary for the task, and a potential data-exfiltration surface: in particular, after scanning design documents and actual code, the generated prompt may contain sensitive implementation details such as architecture, dependencies, and component relationships.
Security audit
Security checks across malware telemetry and agentic risk
This is a disclosed documentation-archiving skill that reads feature specs and related code, updates local spec files, generates optional diagrams, and moves the feature into an archive.
Install this if you want an agent to read feature specs and related implementation files, update spec/global documentation, generate diagram images through /gen-image, and move completed feature directories into spec/archive. Use version control and review diffs before accepting archive changes, especially on private projects where architecture details should not be sent to external image-generation tools.
59/59 vendors flagged this skill as clean.
No suspicious patterns detected.