Context-Inappropriate Capability
Medium
- Confidence
- 96% confidence
- Finding
- The skill instructs the agent to write and launch a persistent background polling process on the local system, which exceeds the stated telephony/API interaction scope and introduces host-side code execution and persistence. This is dangerous because it can consume resources, create hard-to-audit long-running processes, and normalize terminal actions unrelated to the user’s immediate request without an explicit safety boundary or separate consent.
