Description-Behavior Mismatch
Medium
- Confidence
- 88% confidence
- Finding
- The manifest and workflow claim the skill is read-first and MOC-gated for writes, but the documented tool surface includes write-adjacent and exfiltration-capable operations such as historian_push, export_data, stream_publish, and stream_publish_event. In a semiconductor/display fab context, this mismatch can mislead an agent or operator into assuming the skill is inherently safe while still enabling data movement or indirect state-changing actions, increasing the risk of unauthorized production-impacting actions or sensitive manufacturing data leakage.
