Tp4
High
- Category: MCP Tool Poisoning
- Confidence: 95%
- Finding: The skill metadata advertises a Python SDK for agent observability, but the documented behavior is a Bash CLI that persistently logs arbitrary command arguments to local files, supports search, export, and history inspection, and targets RAG evaluation specifically. This mismatch can mislead users and downstream systems into invoking the skill with sensitive prompts, tokens, or experiment data under the assumption that it is a benign SDK wrapper, causing unintended local data retention and disclosure.
