Tp4
High
- Category
- MCP Tool Poisoning
- Confidence
- 92% confidence
- Finding
- The skill is presented as a GDPR compliance helper, but the documented behavior is a generic local logging toolkit that accepts and persists arbitrary free-form input across many categories. In a privacy/compliance context, this mismatch is dangerous because users may trust it as a specialized audit tool and end up storing sensitive personal, security, or compliance data locally without safeguards, validation, minimization, or clear scope boundaries.
