Tp4
High
- Category
- MCP Tool Poisoning
- Confidence
- 90% confidence
- Finding
- The skill is presented as a finance analysis tool, but the documented setup connects the agent to an external HTTP MCP server using bearer-token authentication, which is an important operational and trust boundary not fully disclosed in the description. If the backend also includes undeclared database connectivity or default credentials as the static finding suggests, users may unknowingly expose queries, tokens, or sensitive business context to external infrastructure they did not intend to trust.
