Description-Behavior Mismatch
High
- Confidence: 95%
- Finding: The documentation materially expands the skill from browser-scoped CDP automation to a separate API-driven workflow using persisted session state, which changes the trust and security boundary without clearly declaring it. This is dangerous because users may approve a browser automation skill while the documented behavior actually enables direct authenticated requests and local credential reuse, increasing the risk of account misuse and unauthorized actions.
