Intent-Code Divergence
Medium
- Confidence
- 97% confidence
- Finding
- The document states that the scripts 'only output text' and 'don't modify files or run commands,' but the configuration explicitly registers shell scripts as command hooks. That mismatch can cause operators to underestimate the trust boundary and deploy the hooks with broader permissions than intended, increasing the risk of code execution or side effects if the scripts are changed, replaced, or behave unexpectedly.
