Intent-Code Divergence
Medium
- Confidence
- 89% confidence
- Finding
- The skill explicitly tells the agent to avoid stopping on authentication failures and to launch `settlemesh login` itself, which can trigger browser-based session establishment without a clear prior user approval step. That creates a risky automation boundary: the agent is encouraged to acquire or refresh authenticated access on the user's behalf, potentially causing unintended account linkage or spending enablement.
