Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 84% confidence
- Finding
- The skill documents shell scripts that perform network access, read OAuth tokens, and rely on local configuration, but it declares no permissions or capability boundaries. This can mislead users and policy systems about what the skill can do, reducing informed consent and making review or sandboxing less effective.
