Context-Inappropriate Capability
Medium
- Confidence
- 95% confidence
- Finding
- The skill includes explicit bash/Python command snippets for odds conversion even though the skill’s purpose is text/image parsing. In an agentic environment, documentation that normalizes command execution can cause the agent to invoke shell unnecessarily on user-controlled input, expanding the attack surface to command execution and tool misuse.
