Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 89% confidence
- Finding
- The skill appears to have operational capabilities to read files, write files, and invoke the shell, but no corresponding permissions are declared. That mismatch is dangerous because it hides the true trust boundary from users and reviewers, and shell access combined with file I/O can enable arbitrary command execution, data access, or persistence if the skill logic is compromised or abused.
