Summary
`socket package score --markdown` emits `### Capabilities` twice in the Transitive Package Results section, and the first one is mislabeled: its body is the list of lowest-scoring packages per score category, not the capabilities list.
Where
`src/commands/package/output-purls-deep-score.mts` (transitive branch, `if (dependencyCount)`):

```ts
o.push('### Deep Score') // ~line 150
...
o.push('### Capabilities') // line 166 ← WRONG label
o.push('These are the packages with the lowest recorded score. If there is more than one with the lowest score, just one is shown here. This may help you figure out the source of low scores.')
o.push(`- Overall: ${lowest.overall}`) // lowest-scoring packages per category
...
o.push('### Capabilities') // line 179 ← the real Capabilities section
o.push('These are the capabilities detected in at least one package:')
...
o.push('### Alerts') // line 193
```
So a generated report contains two `### Capabilities` headers back-to-back, the first of which describes lowest-scoring packages.
Impact
- Confusing/duplicated headings in the `--markdown` report (and duplicate anchors if rendered).
- Surfaced while auditing the docs: the docs example faithfully reproduces this output, so the docs currently show two `### Capabilities` in the transitive section too.
Suggested fix
Rename the line-166 header to match its content, e.g.:

```diff
- o.push('### Capabilities')
+ o.push('### Lowest scoring package per category')
  o.push('These are the packages with the lowest recorded score. ...')
```
(Any clear label works — "Lowest scoring package per category" / "Lowest scoring packages by metric" / "Biggest score detractors".) Once changed, I'll update the docs example (`docs/Socket CLI/test/socket-package.md`) to match.
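A small regression check that would have caught this, as an added example rather than Socket CLI code: scan the rendered markdown for ATX headings that repeat at the same level, ignoring anything inside fenced code blocks. The sample report below is constructed to mirror the transitive section shape described above; its package names and values are made up.

```typescript
// Added example, not part of Socket CLI. Returns every heading (level + text)
// that occurs more than once in a markdown document, skipping fenced blocks
// so that code samples containing "### ..." lines are not counted.
function findDuplicateHeadings(markdown: string): string[] {
  const seen = new Map<string, number>();
  // \x60 is a backtick; a line starting with ``` or ~~~ toggles fence state.
  const fence = /^\s*(?:\x60{3}|~{3})/;
  const heading = /^(#{1,6})\s+(.*\S)\s*$/;
  let inFence = false;
  for (const rawLine of markdown.split('\n')) {
    const line = rawLine.trimEnd();
    if (fence.test(line)) {
      inFence = !inFence;
      continue;
    }
    if (inFence) continue;
    const m = heading.exec(line);
    if (!m) continue;
    const key = `${m[1]} ${m[2]}`;
    seen.set(key, (seen.get(key) ?? 0) + 1);
  }
  return [...seen.entries()].filter(([, n]) => n > 1).map(([k]) => k);
}

// Constructed sample modeled on the transitive section layout in the issue;
// the score, purl and capability values are invented for the example.
const buggyTransitiveReport = [
  '## Transitive Package Results',
  '',
  '### Deep Score',
  '- Overall: 70',
  '',
  '### Capabilities',
  'These are the packages with the lowest recorded score. ...',
  '- Overall: pkg:npm/example-a@1.0.0',
  '',
  '### Capabilities',
  'These are the capabilities detected in at least one package:',
  '- network',
  '',
  '### Alerts',
  '- none',
  '',
].join('\n');

// Same report with the first header renamed as the suggested fix proposes.
const fixedTransitiveReport = buggyTransitiveReport.replace(
  '### Capabilities\nThese are the packages',
  '### Lowest scoring package per category\nThese are the packages',
);

console.log(findDuplicateHeadings(buggyTransitiveReport)); // → [ '### Capabilities' ]
console.log(findDuplicateHeadings(fixedTransitiveReport)); // → []
```

Wiring `findDuplicateHeadings` into the existing output tests (asserting it returns an empty array for the generated report) keeps a mislabeled or copy-pasted header from slipping back in.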
Found during the SocketDev/docs accuracy audit.