Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 90% confidence
- Finding
- The skill explicitly instructs use of a shell command (`node <skill_dir>/scripts/render.js ...`) but declares no corresponding permissions, creating a capability/permission mismatch. This is risky because it can cause users or hosting systems to execute code without clear disclosure or policy gating, even though the command itself appears consistent with the diagram-rendering purpose of the skill.
