Tp4
High
- Category
- MCP Tool Poisoning
- Confidence
- 96% confidence
- Finding
- The skill description promises a simple interactive selector that prompts every run, but the documented behavior includes additional capabilities such as direct backend selection, watch mode, exports, setup that writes executables to ~/.local/bin, and shell configuration inspection. This mismatch weakens informed consent: users may invoke or install the skill expecting passive local viewing while it also performs filesystem modifications and broader operational behavior.
