Intent-Code Divergence
Medium
- Confidence
- 91% confidence
- Finding
- The skill first says to ask the user before doing anything, then later instructs the agent to always run multiple MCP calls first. Contradictory instructions increase the chance an agent will perform networked reads against a live WordPress site without clear user consent, which can expose site metadata and violate least-astonishment. In a tool-using agent, ambiguous precedence is a real safety flaw because the model may follow the more specific operational block instead of the earlier guardrail.
