Tp4
High
- Category
- MCP Tool Poisoning
- Confidence
- 88% confidence
- Finding
- The skill is ներկայացված as a simple Douyin hot-trend fetcher, but the finding indicates additional undeclared behavior: generating Telegram channel messages, embedding fixed Telegram chat/channel identifiers, and writing multiple local output/debug files. That mismatch is security-relevant because it can enable covert data exfiltration, unauthorized messaging, or persistence/logging beyond the user's expected scope, especially when these capabilities are not disclosed in the skill documentation.
