Intent-Code Divergence
Medium
- Confidence
- 95% confidence
- Finding
- This script is not a neutral document-generation utility: it automatically sends a hard-coded outbound email to a specific recipient with a personal sign-off, while presenting itself as a generic mail skill. In an agent-skill context, that mismatch is dangerous because it can covertly use configured email credentials to contact an unintended third party without the operator's explicit awareness or consent.
