Intent-Code Divergence
Medium
- Confidence
- 96% confidence
- Finding
- The skill implements output-path validation for the interactive task command but does not apply equivalent validation in batch mode, where args.output is written directly. An agent or user invoking batch with an attacker-influenced path could overwrite arbitrary files writable by the current user, including shell config or project files, causing persistence, data corruption, or follow-on code execution.
