Lp3
Medium
- Category: MCP Least Privilege
- Confidence: 93%
- Finding: The skill instructs the agent to run a local Python script with optional auto-fix behavior, which implies shell execution plus file reads/writes and environment variable access, yet it declares no permissions. This creates a trust and transparency gap: a platform or reviewer cannot accurately gate or sandbox the skill's capabilities, increasing the chance of unintended file modification or access when the skill is invoked.
