Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 84% confidence
- Finding
- The skill declares no permissions, yet the documentation explicitly allows local script execution via python3 and implies reading inputs and writing outputs. This creates a trust and enforcement gap: operators or orchestration layers may treat the skill as low-privilege while it actually has shell, file-read, and file-write behavior.
