Scope Creep
Medium
- Confidence
- 96% confidence
- Finding
- The declared contract says the skill only writes LearningEntry and ImprovementHypothesis, but later behavior includes updating templates and configuration. This mismatch breaks least-privilege expectations and can cause downstream systems or users to authorize the skill under false assumptions, enabling broader persistent changes than advertised.
