Tp4
High
- Category: MCP Tool Poisoning
- Confidence: 92%
- Finding: The skill is presented as architecture discovery, but it also performs IAM role creation/deletion, STS AssumeRole login-link generation, local config/cache management, environment-variable cleanup, and remote version checking. These are materially broader and more sensitive behaviors than the headline description, which can mislead users into granting powerful permissions they did not expect.
