Vague Triggers
Medium
- Confidence
- 80% confidence
- Finding
- The description is broadly scoped to trigger on common user intents like 'write/publish a Naver post' or 'recover onboarding,' which can cause the skill to activate in situations where the user did not clearly consent to marketplace execution, local daemon interaction, or one-time setup/login flows. In this context, broad invocation is more dangerous because the skill can lead to shell execution, local service access on `127.0.0.1`, and paid ACP offering submission.
