Intent-Code Divergence
Medium
- Confidence
- 95% confidence
- Finding
- The skill explicitly claims the audit is "read-only," but the documented workflows create directories and write multiple audit artifacts and templates to disk via mkdir, tee redirections, and here-doc output. This mismatch is dangerous because operators may grant access or run the skill under a false assumption about side effects, which can affect integrity, storage handling, and retention of sensitive audit data.
