Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 87% confidence
- Finding
- The skill clearly instructs use of shell commands and direct API calls, but the manifest does not declare corresponding permissions/capabilities. This creates a transparency and policy gap: users and hosting platforms may not realize the skill can access local files, read tokens, and send data to external services via shell, increasing the risk of unintended command execution or data exposure.
