Description-Behavior Mismatch
Medium
- Confidence
- 91% confidence
- Finding
- The skill’s advertised purpose is a generic build-queue workflow, but it silently introduces remote SSH/HTTP interaction with a specific host and requires orchestration of an external system ('Jinx'). That expands the skill’s operational scope into networked command execution and data exchange, which can expose project context or trigger unintended remote actions without informed user consent.
