Tp4
High
- Category
- MCP Tool Poisoning
- Confidence
- 92% confidence
- Finding
- The documented purpose is quantitative stock analysis, but the described backend behavior includes bearer-token auth, remote database access, and exposing raw/full report contents. That mismatch is dangerous because users may trust the skill as a simple analysis tool while it actually brokers access to external data systems and potentially sensitive third-party content, increasing risks around data exposure, over-collection, and undisclosed external dependencies.
