Context-Inappropriate Capability
Medium
- Confidence: 91%
- Finding: The skill includes an exec-maven-plugin example that runs `bash` against a project-local script during `generate-sources`, which normalizes subprocess execution inside the build without any warning, trust-boundary discussion, or constraints. In a build-configuration skill, this is risky because users may copy the pattern into CI or local builds and unintentionally permit arbitrary script execution from the repository.
