Context-Inappropriate Capability
Medium
- Confidence
- 90% confidence
- Finding
- The skill explicitly recommends using `apt-get install ffmpeg` as a fallback, which expands its behavior from media processing into system package installation. Allowing an agent skill to install OS packages increases the attack surface, can modify the runtime environment unexpectedly, and may violate sandbox or least-privilege assumptions even if the stated purpose is only video production.
