Description-Behavior Mismatch
Medium
- Confidence
- 94% confidence
- Finding
- The README describes a much broader document-processing and application-management CLI than the skill metadata advertises. This scope mismatch is security-relevant because an agent or user may invoke capabilities such as generic parsing, remote URL handling, task querying, or custom app management that exceed the expected invoice-only extraction boundary, increasing the chance of unintended data exposure or misuse.
