Description-Behavior Mismatch
Medium
- Confidence
- 90% confidence
- Finding
- The README makes a strong privacy/security claim that 'all analysis is local' and 'nothing is uploaded to any server' while also documenting browser-based fetching of social-platform pages and public URLs. Even if the author means processing results are stored locally, network access to third-party platforms still exposes user activity and credentials/session context, so the claim is misleading and may cause users to share sensitive data under false assumptions.
