Tp4
High
- Category: MCP Tool Poisoning
- Confidence: 81%
- Finding: The skill description overstates and understates behavior in ways that can mislead users and higher-level policy systems: it claims .mount support without showing corresponding generation, and it permits writing output to arbitrary local files via --output without clearly surfacing that behavior in the description. In an agent setting, capability-description mismatch is security-relevant because it can bypass operator expectations and enable unintended modification of local files if the agent is allowed to use the skill autonomously.
