Context-Inappropriate Capability
Medium
- Confidence
- 95% confidence
- Finding
- The install instructions require the agent to read a local README.md after installation and echo it back verbatim to the user. Because that README is treated as untrusted local content, this creates a direct exfiltration path for unrelated local documentation, embedded secrets, or hidden prompt-injection text that has nothing to do with invoice reimbursement.
