Context-Inappropriate Capability
Medium
- Confidence
- 93% confidence
- Finding
- The installer downloads a platform-specific executable from the internet and places it into the skill directory, but it does not verify a checksum, signature, or pinned artifact digest before marking it executable. If the release asset, GitHub account, transport path, or version target is tampered with, users could install and run an untrusted binary, leading to arbitrary code execution on the host.
