Description-Behavior Mismatch
High
- Confidence
- 99% confidence
- Finding
- This is a real confidentiality vulnerability. When a session is detected as a group chat but no group mapping exists, the code intentionally falls back to composeApmContext(), which loads DM-only memory from memory/main/* and daily notes, despite the file's own privacy rules stating group chats must never see that data. In this skill context, that is especially dangerous because the entire protocol is designed around strict separation between private DM memory and shared group memory, so the fallback directly defeats the stated trust boundary.
