Tp4
High
- Category
- MCP Tool Poisoning
- Confidence
- 90% confidence
- Finding
- The documented behavior says this skill syncs a private repository to a public mirror while excluding only `ai/`, but the static finding indicates additional high-risk actions: creating public repositories, retrieving secrets, and publishing packages to npm. That is a dangerous capability expansion because operators may invoke the skill expecting a repo sync while it can also expose code publicly and use sensitive credentials to perform irreversible external publication actions.
