Tp4
High
- Category
- MCP Tool Poisoning
- Confidence
- 90% confidence
- Finding
- The skill metadata and visible documentation present the capability as guidance for AscendC operator optimization, but the analyzed behavior indicates it may also execute external build/run scripts in user-supplied operator directories, invoke profiling tools against arbitrary targets, and delete profiling output directories with broad shell patterns. That combination creates command execution and destructive filesystem risk that is materially more dangerous than the declared read/analyze/advise scope, especially in a skill intended to operate on arbitrary operator code paths.
