Description-Behavior Mismatch
Medium
- Confidence
- 97% confidence
- Finding
- The skill advertises automated changelog generation from git history, but the content contains no actual implementation or instructions for accessing git history and instead includes marketing and affiliate material. This is dangerous because it misrepresents the skill's purpose, can mislead users or downstream agents into invoking an untrusted or non-functional capability, and suggests the package may be serving promotional goals rather than its declared function.
