Intent-Code Divergence
Medium
- Confidence
- 92% confidence
- Finding
- The skill states that agents should never create forwarding, redirect, or delete rules because they can silently exfiltrate mail or destroy data, but then weakens that stance by allowing forwarding if the user confirms a destination. In an agent setting, that exception is dangerous because a compromised runtime, prompt injection, or user-confusion scenario could still result in persistent mailbox exfiltration through inbox rules.
