Intent-Code Divergence
Medium
- Confidence
- 94% confidence
- Finding
- The document asserts the skill is fixed in v2.2.0, but the deployment instructions still require manually copying a separate secure handler over the existing command handler. This creates a real security gap: users may believe they are protected after upgrading while continuing to run the vulnerable handler if they miss or misunderstand the manual replacement step.
