Intent-Code Divergence
Medium
- Confidence
- 96% confidence
- Finding
- The skill includes `ssh -o StrictHostKeyChecking=no user@hostname` as an override/common troubleshooting command, which disables SSH host key verification and makes man-in-the-middle attacks materially easier. In a skill explicitly framed around secure remote access, presenting this bypass as a ready-to-use example increases the chance users normalize an unsafe practice during real connections.
