Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 90% confidence
- Finding
- The skill advertises executable capabilities involving network access and shell usage, but does not declare permissions or constraints. This creates a governance and trust problem: callers may invoke a skill that can perform external access and command execution without explicit disclosure, increasing the risk of unexpected data exfiltration, environmental misuse, or unsafe automation.
