Description-Behavior Mismatch
Low
- Confidence
- 84% confidence
- Finding
- The skill includes operational instructions to clone external GitHub repositories and inspect repository state. In an agent context, this expands the trust boundary to unpinned remote content and can trigger unintended network access or local workspace changes if the user asks to initialize assets, which is risky for a skill that is otherwise framed as analysis/orchestration.
