Tp4
High
- Category
- MCP Tool Poisoning
- Confidence
- 93% confidence
- Finding
- The skill metadata and top-level description understate its operational behavior. Beyond offering design guidance, it instructs the agent to run shell scripts, scaffold full projects, install third-party npm packages, and invoke remote CLIs such as shadcn, shadcn-vue, Vercel, and Nuxt tooling. This mismatch is dangerous because it can cause an agent or user to authorize code execution and dependency installation under the assumption that the skill is only a static UI-generation helper, expanding the attack surface to supply-chain and arbitrary setup actions.
