Description-Behavior Mismatch
Medium
- Confidence
- 95% confidence
- Finding
- The script explicitly advertises and implements deletion of all zellij sessions in a data directory, which is a destructive capability outside the stated skill purpose of remote-controlling sessions and scraping pane output. In an agent context, adding bulk session-destruction increases operational risk because it can terminate unrelated user workflows or erase active state if invoked against a shared or attacker-influenced data directory.
