Intent-Code Divergence
Medium
- Confidence
- 94% confidence
- Finding
- The document states that the scripts 'only output text' and 'don't modify files or run commands,' but the configured hooks explicitly invoke shell scripts as commands. That mismatch can cause operators to underestimate execution risk and grant broad trust to code that runs automatically on prompt submission or after tool use, increasing the chance of unsafe script behavior going unnoticed.
