Tp4
High
- Category
- MCP Tool Poisoning
- Confidence
- 88% confidence
- Finding
- The skill description materially understates and misstates behavior: it modifies local order data, writes logs, and reads SMTP credentials from another skill's `.env`, while claiming unsupported features like order creation and Discord notifications. This kind of mismatch can cause operators or an agent to invoke the skill with incorrect trust assumptions, leading to unintended data modification, outbound communication, or secret exposure risk through cross-skill credential use.
