Having no full paths for the cmd set in doas.conf means that every user permitted to run the command can run any script with root-privileges. So in your example every user beeing in :wheel can run anything with root-privileges without being prompted for a passwort. All she has to do is change her own $PATH to show up the prepared script first.
Try the following:
echo -e "#!/bin/sh\necho Who am I?\nid" > /tmp/netcardmgr
chmod 777 /tmp/netcardmgr
PATH=/tmp:$PATH
doas netcardmgr
Having no full paths for the cmd set in doas.conf means that every user permitted to run the command can run any script with root-privileges. So in your example every user beeing in :wheel can run anything with root-privileges without being prompted for a passwort. All she has to do is change her own $PATH to show up the prepared script first. Try the following: