Description-Behavior Mismatch
Medium
- Confidence: 84% confidence
- Finding: The manifest promises that analyzed source files will not be modified unless edits are explicitly requested and confirmed, but the skill's default behavior is to create a new project file and can also insert content into README.md under configuration. This mismatch can cause users or downstream systems to trust the skill as read-only when it actually performs writes, increasing the risk of unintended repository modifications.
