Tp4
High
- Category
- MCP Tool Poisoning
- Confidence
- 94% confidence
- Finding
- The skill is presented as a music/audio management tool, but the documented behavior shows it also functions as a generic logging and activity-tracking system that stores arbitrary user input under ~/.local/share/beat. This mismatch is security-relevant because users may provide sensitive prompts, file paths, or operational notes believing they are invoking audio-specific functionality, while the tool silently persists and exposes that data through search, report, and export features.
