Missing User Warnings
Medium
- Confidence
- 87% confidence
- Finding
- The skill explicitly directs routine overwrites, appends, cleanup, and archival of files under a local workspace, but it does not require explicit user consent, preview, or confirmation before modifying persistent data. This is dangerous because an agent following the instructions could silently alter or destroy local state, including overwriting NOW.md, deduplicating logs, and archiving files, which creates integrity and data-loss risks.
