Missing User Warnings
Medium
- Confidence
- 97% confidence
- Finding
- The skill explicitly instructs use of `POST /exec` to send unrestricted raw Python, notes that raw Python is allowed, and states code length is not capped. In a bridge that controls Fusion 360 and can be reached over HTTP, this creates a direct remote code-execution pathway in the Fusion process and potentially on the host, yet the documentation omits strong warnings, authentication expectations, or safety boundaries.
