Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 82% confidence
- Finding
- The skill declares no permissions, yet its documented behavior explicitly uses local script execution via Python and browser tooling, which implies shell and filesystem access. This is dangerous because operators and policy engines may trust the manifest as low-privilege while the skill can actually read local files and invoke external programs, increasing the chance of unintended data exposure or execution beyond expected scope.
