Tp4
High
- Category
- MCP Tool Poisoning
- Confidence
- 89% confidence
- Finding
- The skill claims to ingest Feishu folders and shared attachments, but the analyzed behavior reportedly only processes a local input directory and lacks Feishu integration. This mismatch can mislead operators into trusting that data came from Feishu when it may instead come from arbitrary local files, creating provenance confusion, incorrect security assumptions, and possible unintended ingestion of the wrong data set.
