Context-Inappropriate Capability
High
- Confidence
- 99% confidence
- Finding
- The script accepts a caller-supplied --cmd value and passes it directly to execSync, which invokes a shell. That makes this a generic arbitrary command execution primitive rather than a bounded diagnostics tool, enabling execution of destructive commands, data exfiltration, persistence, or lateral-movement actions under the privileges of the process.
