Context-Inappropriate Capability
Medium
- Confidence
- 97% confidence
- Finding
- The script builds a shell command with string interpolation and passes untrusted report content into execSync. Because the report includes log lines and cron error text read from local files, an attacker who can influence those inputs may inject shell metacharacters or break quoting, leading to arbitrary command execution under the privileges of the analyzer.
