Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 93% confidence
- Finding
- The skill documents executable shell usage (`bash scripts/*.sh`) while declaring no corresponding permissions, creating a mismatch between the skill's effective capabilities and its declared security posture. This can mislead reviewers and users about what the skill can do, reducing scrutiny around command execution and external network access.
