Context-Inappropriate Capability
High
- Confidence
- 95% confidence
- Finding
- The skill instructs the agent to install global tooling and execute shell commands in response to document-read failures, which materially expands its power beyond simple document publishing. This creates supply-chain and host-modification risk, and could lead to unauthorized software installation, credential exposure through CLI auth flows, or execution in environments where such actions are unsafe or prohibited.
