Intent-Code Divergence
Medium
- Confidence: 95%
- Finding: The skill explicitly tells agents to use the installed `memos-cli` binary and not `go run .`, yet the admin workflow contradicts that guidance by invoking `go run .`. In an agent setting, this can cause execution of arbitrary local repository code rather than the intended installed CLI, which is riskier because the repository contents may be modified, unreviewed, or attacker-controlled.
