Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 95% confidence
- Finding
- The skill documentation describes capabilities that require shell execution, filesystem access, and environment-variable control, but the skill declares no permissions. This creates a trust and review gap: consumers may treat the skill as low-privilege while it can launch external binaries, read workspace files, create sockets/symlinks, and potentially write to user-accessible paths.
