Context-Inappropriate Capability
Medium
- Confidence
- 95% confidence
- Finding
- The skill exposes shell-script execution paths (`export-report.sh` and `style-check.sh`) even though the document is primarily a writing-analysis skill. This expands the attack surface from text processing into command execution, and if those scripts consume untrusted filenames or content, they could enable command injection, arbitrary file access, or unsafe local execution.
