Description-Behavior Mismatch
Medium
- Confidence
- 86% confidence
- Finding
- The documented workflow adds Feishu file delivery even though the skill is presented as a local document-to-CSV converter, introducing an undocumented external data transfer path. Because CRF and protocol-derived CSVs may contain sensitive clinical or subject-related information, this creates a meaningful risk of unintended disclosure or compliance violations.
