Intent-Code Divergence
High
- Confidence
- 97% confidence
- Finding
- The header claims the tool only performs normal UI actions and does not tamper with requests, but the implementation goes beyond ordinary UI automation by extracting a secret key and decrypting protected server responses. This mismatch is dangerous because it conceals materially riskier behavior from reviewers and users, reducing informed consent and increasing the chance the tool is deployed in violation of site protections or policy.
