Tp4
High
- Category: MCP Tool Poisoning
- Confidence: 90%
- Finding: The skill is presented as a bounded TikTok Shop intelligence workflow, but the documented behavior includes generic MCP tool enumeration, schema inspection, arbitrary tool invocation, multi-platform support, local token persistence, and broad disk writes. That gap expands the trust boundary: a user may authorize or run the skill expecting narrow analytics behavior while it enables broader remote actions and local data handling than advertised.
