Tp4
High
- Category
- MCP Tool Poisoning
- Confidence
- 93% confidence
- Finding
- The documented purpose is narrow—finding cross-platform arbitrage and checking liquidity—but the reported capabilities include access to wallet activity, orders/trade history, positions, wallet metrics, and P&L. That mismatch materially expands the data-access surface and could expose sensitive financial information unrelated to the user’s request, undermining informed consent and enabling overcollection.
