Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 88% confidence
- Finding
- The skill advertises no explicit permissions, yet its instructions indicate local file access and shell execution via python3. This creates a capability transparency gap: users and reviewers may believe the skill is read-only recruiting guidance, while it can invoke scripts over local inputs and outputs, increasing the chance of unintended data access or command execution.
