Context-Inappropriate Capability
Medium
- Confidence
- 97% confidence
- Finding
- The skill allows a caller to set `ollama.host`/`--ollama-host`, and `httpRequest()` will POST the user's prompt to any HTTP or HTTPS endpoint, not just a trusted local Ollama instance. That creates an unintended outbound data exfiltration channel and SSRF-like behavior, especially risky because prompts may contain sensitive user data and the skill's stated purpose is image generation, not arbitrary network transmission.
