Tp4
High
- Category
- MCP Tool Poisoning
- Confidence
- 93% confidence
- Finding
- The skill metadata and body promise a constrained recovery action, but the documented behavior expands into additional state inspection, cache deletion, and config-driven targeting while also claiming an automatic retry that is not actually implemented in the file. This mismatch is security-relevant because operators and orchestrators may authorize or invoke the skill under incomplete assumptions, leading to unintended destructive actions or trust in safeguards that do not exist.
