Description-Behavior Mismatch
Medium
- Confidence
- 95% confidence
- Finding
- The skill documentation is largely placeholder text and does not explain the actual purpose, permitted inputs, outputs, or safety boundaries of the skill. In combination with the documented generic POST-forwarding behavior, this creates a deceptive or underspecified interface that could cause an agent or user to send sensitive data to an external endpoint without understanding why.
