Tp4
High
- Category: MCP Tool Poisoning
- Confidence: 95%
- Finding: The skill description understates its operational behavior: beyond logging learnings, it also recommends always-on hooks, output inspection, and skill extraction that writes new files. This is dangerous because users or downstream agents may trust the declared purpose and enable broader automation without realizing the skill expands session influence and filesystem-modification scope.
