Intent-Code Divergence
Medium
- Confidence
- 88% confidence
- Finding
- The README makes a concrete security/privacy claim that auxiliary scripts only read local JSON and do not collect personal information, but elsewhere documents interfaces that accept raw dream text and image paths/URLs. Even if no exfiltration occurs, this is a misleading assurance that can cause users to disclose sensitive personal or location-related data under false assumptions about the data surface.
