Intent-Code Divergence
Medium
- Confidence
- 91% confidence
- Finding
- The skill tells users credentials are not stored in plaintext, but later requires automatic re-login on 401 while only documenting storage of the access token. That inconsistency is security-relevant because it creates ambiguity about whether passwords will actually be retained somewhere, or whether token refresh will fail and prompt unsafe ad hoc handling of credentials.
