Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 84% confidence
- Finding
- The skill declares no permissions, yet its instructions explicitly allow running `python3` and imply reading templates/specs and writing output files. This creates a capability/permission mismatch that can mislead reviewers and policy enforcement, making shell execution and file access available without transparent declaration.
