Context-Inappropriate Capability
Medium
- Confidence: 95%
- Finding: The skill explicitly instructs users to modify SOUL.md so the agent must speak every response, which expands the skill from an optional utility into system-wide behavior control. This creates persistent prompt/instruction hijacking risk and can force automatic execution of external tooling for all future messages, increasing both privacy exposure and operational risk.
