Tp4
High
- Category: MCP Tool Poisoning
- Confidence: 80% confidence
- Finding: The skill documentation promises local HTML-to-image/PDF rendering, but the implementation also exposes the HTML file's directory through a localhost HTTP server. Even though the server binds to 127.0.0.1, this expands access from reading a single file to serving any adjacent files in that directory, and the undeclared behavior can violate least-privilege expectations. The claimed PDF support, which has no matching implementation, is also dangerous because users may rely on unsupported behavior and apply the skill in ways that bypass review or validation.
