Context-Inappropriate Capability
High
- Confidence
- 98% confidence
- Finding
- The script downloads and immediately executes a remote shell script using `curl ... | bash`, which gives the remote content full code-execution privileges on the user's machine. In the context of an installer for a context-database skill, this is especially risky because the fetched script is unpinned, unaudited at install time, and could be changed upstream or replaced if the source is compromised.
