Description-Behavior Mismatch
Medium
- Confidence
- 95% confidence
- Finding
- The reference guide expands the skill from a local SQLite taskboard into a credentialed GitHub integration that requires a repo-scoped token and performs remote API operations. This creates a capability mismatch with the stated 'no external dependencies or credentials' scope, increasing the chance that users or agents will enable networked behavior without appropriate review, consent, or guardrails.
