Description-Behavior Mismatch
Medium
- Confidence
- 88% confidence
- Finding
- The manifest presents the skill as a hiring-platform integration, but the code also performs authentication and API-key creation via `send_code` and `login-and-create-key`. This expands the capability surface into account access and credential issuance, which is sensitive and can surprise users or calling agents that expect only marketplace operations.
