Intent-Code Divergence
Medium
- Confidence
- 96% confidence
- Finding
- The documentation asserts the tool is 'zero dependency' and that files never leave the local machine, yet later states it relies on external CDN-hosted libraries and network access. That mismatch can mislead users into trusting the tool with sensitive files under false assumptions, and CDN-loaded JavaScript introduces a supply-chain and data-exposure risk inconsistent with the stated privacy model.
