Intent-Code Divergence
Medium
- Confidence
- 93% confidence
- Finding
- The README states there is no data exfiltration because the skill runs locally, but the documented workflow depends on external web search services and API-backed MCP servers. This can mislead users into sharing sensitive enterprise data under false assumptions about privacy boundaries, increasing the risk of unintended disclosure to third-party services.
