Tp4
High
- Category: MCP Tool Poisoning
- Confidence: 93%
- Finding: The skill is presented as a conversational shampoo recommender, but the documented behavior includes filesystem manipulation, image generation, HTML generation, packaging, testing local file structure, and reads/writes to a fixed local Windows path. This mismatch is dangerous because users and platform reviewers may grant trust or execution context based on the declared low-risk purpose, while the actual capabilities enable broader local file access and artifact generation outside the stated scope.
