Description-Behavior Mismatch
Medium
- Confidence
- 94% confidence
- Finding
- The manifest and description scope the skill to auth and Google Slides operations, but the documentation explicitly advertises `gog_slides_run` as an escape hatch for uncovered actions. This creates a capability/scope mismatch that can mislead users, reviewers, or orchestration logic into granting a broader tool than intended, increasing the risk of unauthorized or unexpected operations.
