Intent-Code Divergence
Medium
- Confidence
- 93% confidence
- Finding
- The skill labels SMTP recipient probing as "zero risk" even though it actively opens network connections to third-party mail servers and issues SMTP commands to test whether specific addresses exist. That can violate acceptable-use policies, trigger detection/rate limits, and normalize unsafe outbound behavior by misleading operators about the real risk profile.
