Intent-Code Divergence
Medium
- Confidence
- 99% confidence
- Finding
- The code is named and documented as a permission enforcer, but when no rule matches it returns `allow` with reason `No matching policy rule; default allow`. In a security control, fail-open behavior allows unanticipated actions—including file writes, shell commands, or MCP operations—to proceed whenever policy coverage is incomplete, which is especially risky in an agent skill expected to constrain tool use.
