Description-Behavior Mismatch
High
- Confidence
- 99% confidence
- Finding
- This parsing utility performs dependency bootstrapping at runtime by invoking `npm install gray-matter` if the package is missing. For a skill whose stated purpose is only front-matter parsing, silently modifying the environment and fetching code from the network is dangerous because it executes an external package manager, expands the trust boundary, and can lead to supply-chain compromise or unexpected system changes.
