Tp4
High
- Category
- MCP Tool Poisoning
- Confidence
- 82% confidence
- Finding
- The skill metadata and documentation present the capability as deployment/orchestration guidance, but the referenced behavior also includes inventorying AgentCore resources, retrieving metadata for existing runtimes and memory stores, and tailing CloudWatch logs. In an AWS environment, those actions expose operational visibility into pre-existing infrastructure and data that goes beyond the declared scope, increasing the risk of unintended reconnaissance and sensitive information disclosure.
