Can pipeline trigger tokens be used to interact with other parts of the API besides triggering pipelines

I have some concerns that a pipeline trigger token might be used to access other secure parts of the Gitlab API.

My attempts to access the secure bits of the API with the trigger token have been fortunately frustrated, but still I would like some assurances that a trigger token ONLY allows a pipeline (in the same project of the token) to be triggered.