Context-Inappropriate Capability
Medium
- Confidence
- 87% confidence
- Finding
- The workflow instructs the skill to inspect another installed skill's SKILL.md and infer its capabilities before proceeding. That expands the skill's access beyond comic creation into enumerating and reasoning about other local components, which can expose environment details and create cross-skill trust and prompt-injection risks if those files contain adversarial content. In this context, reading another skill may be operationally useful, but it still violates least privilege.
