Context-Inappropriate Capability
Low
- Confidence
- 87% confidence
- Finding
- The script’s stated security model is local-first verification using a bundled key registry, but `SAR_KEYS_REGISTRY_PATH` allows the trust store to be silently replaced at runtime. If an attacker can influence the environment or invocation context, they can point verification at an attacker-controlled registry and make forged receipts appear valid under attacker-chosen keys.
