Description-Behavior Mismatch
Medium
- Confidence
- 97% confidence
- Finding
- The skill instructs the agent to write an HTML file into the workspace, creating a filesystem side effect that is not disclosed in the manifest’s declared outputs or tool surface. Undisclosed file writes are dangerous because they can overwrite artifacts, leak sensitive diagnostic data into persistent storage, or be chained with downstream automation that trusts workspace contents.
