Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 94% confidence
- Finding
- The skill declares no permissions, yet it explicitly advertises shell execution and implies reading local resources and writing output files. This creates a capability/permission mismatch that can bypass user and platform expectations, increasing the risk of unauthorized local file access or command execution if the skill is invoked in a permissive runtime.
