Context-Inappropriate Capability
Medium
- Confidence
- 86% confidence
- Finding
- The script invokes a shell command via execSync to run a nested Node process for network retrieval, which introduces an unnecessary process-spawning capability in a helper that could fetch data directly in-process. In an automation skill that handles content creation and publishing, extra execution primitives increase attack surface and make later command-injection or environment-abuse bugs more dangerous.
