Intent-Code Divergence
Medium
- Confidence
- 96% confidence
- Finding
- The guide explicitly says it does not require credentials and that the sandbox needs no API key, yet the examples instantiate a Bearer-token client and direct requests to an external service. That mismatch can cause users or downstream agents to trust the document as low-risk while actually supplying credentials and transmitting operational or financial data off-platform.
