Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 83% confidence
- Finding
- The skill invokes shell commands (`curl`, `jq`, and a local `bin/rails runner`) but does not declare permissions or otherwise constrain shell execution. In an agent setting, undeclared command execution increases the risk of operators assuming the skill is passive documentation when it can actually trigger network access and local process execution.
