Context-Inappropriate Capability
Medium
- Confidence
- 94% confidence
- Finding
- The document includes concrete privileged operational procedures such as SSH as root, rsync/scp to production, Docker lifecycle control, and direct SQL execution against the live database. Even though presented as ops guidance, embedding these actions in a broadly accessible skill materially lowers the barrier to unauthorized or destructive administration if the skill is exposed to untrusted users or an agent follows it blindly.
