Description-Behavior Mismatch
Medium
- Confidence: 93%
- Finding: The skill is described as enforcing payment checks before funds leave a wallet, but it also exposes full policy-administration operations, including creation, modification, and deletion of policies and rules. In an agent setting, this significantly broadens the authority surface: a caller expecting a read-only check tool could instead weaken or remove protections, enabling subsequent unauthorized payments.
