Description-Behavior Mismatch
Medium
- Confidence
- 91% confidence
- Finding
- The configuration enables management-style capabilities such as drive_management, wiki_access, and permission_management while the declared OAuth scopes are read-only. This mismatch can cause the surrounding application or operators to assume stronger access exists, leading to insecure fallback behavior, overbroad code paths, or later permission expansion without proper review.
