Tp4
High
- Category: MCP Tool Poisoning
- Confidence: 93%
- Finding: The skill metadata says it safely reads, writes, appends, and lists files in the session working directory, but the body also documents mkdir, delete, copy, and move operations. This mismatch expands the apparent authority of the skill beyond what a caller may expect, increasing the chance that an agent or reviewer enables it under incomplete assumptions and permits destructive filesystem actions.
