Intent-Code Divergence
Medium
- Confidence
- 93% confidence
- Finding
- The module documentation explicitly says writing to /tmp is forbidden and that failure should occur if the current directory is not writable, but the implementation falls back to home and temporary directories. In a skill environment, this can cause sensitive API responses to be persisted in unexpected locations, weakening operator expectations and potentially exposing data to broader filesystem scopes.
