Tp4
High
- Category
- MCP Tool Poisoning
- Confidence
- 91% confidence
- Finding
- The documented purpose is a generic security scanner, but the analysis indicates additional policy-enforcement behavior such as checking for specific files, forbidden paths, and package policies unrelated to the stated scope. Hidden or under-disclosed enforcement logic is dangerous because it can be used to manipulate workspace assessments, trigger false critical findings, or impose opaque policy decisions users did not consent to.
