Intent-Code Divergence
Medium
- Confidence
- 89% confidence
- Finding
- The reference exposes a generic `query` command that appears capable of executing arbitrary SQL while only stating in prose that SQL 'should be used for reads only.' In a skill that instructs an agent to operate on a live local SiYuan instance, this creates a real risk that an LLM or user could issue destructive write statements, causing note, block, or database corruption.
