Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 93% confidence
- Finding
- The skill invokes shell-based scripts and external binaries (`cast`, `jq`, `curl`, `python3`) but does not declare corresponding permissions or execution scope. This creates a trust and review gap: an agent or platform may treat the skill as lower risk than it really is, while the skill can still perform network calls, parse untrusted input, and initiate wallet-affecting operations via shell tooling.
