Tp4
High
- Category
- MCP Tool Poisoning
- Confidence
- 85% confidence
- Finding
- The skill claims to be a local deterministic knowledge base, but the observed behavior includes broader software installation and bootstrap activity, including fetching and installing external components and promoting additional tooling. This mismatch is dangerous because users may trust the declared purpose and run setup steps that introduce unreviewed code execution, dependency-chain risk, and expanded attack surface beyond a simple local knowledge base.
