Description-Behavior Mismatch
Medium
- Confidence
- 92% confidence
- Finding
- The script performs live browser automation against unusualwhales.com even though the skill metadata describes a Yahoo Finance-powered stock analysis tool. This creates a scope and trust mismatch: users may believe data comes only from yfinance while the skill silently contacts a separate third-party site, exposing network metadata and introducing dependence on an unvetted external service with dynamic content.
