Description-Behavior Mismatch
Medium
- Confidence
- 94% confidence
- Finding
- The file adds IAM identity and permission-auditing commands to a skill described as a VPC networking audit. Even though the commands are read-only, they extend the operational scope into IAM enumeration and privilege analysis, which violates least-privilege expectations and can expose sensitive account and permission metadata during use.
