Description-Behavior Mismatch
Medium
- Confidence
- 95% confidence
- Finding
- The skill says '纯文本输出' but later instructs the agent to also generate CSV and HTML artifacts and inject additional JS API keys into templates. This expands behavior beyond the declared output contract and can cause unintended file generation, secret exposure into generated artifacts, and user surprise about what data is being materialized or shared.
