Description-Behavior Mismatch
Medium
- Confidence
- 93% confidence
- Finding
- The skill overrides the CLI's documented stdout default by mandating creation of a derived output directory, which changes data-handling semantics without user consent. For a document-parsing skill, this can cause extracted sensitive content to be silently persisted on disk in a predictable location, increasing exposure through local disclosure, backups, or later reuse by other tools.
