Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 92% confidence
- Finding
- The skill declares no permissions, yet its instructions require shell-capable operations such as git diff and potentially file-modifying actions later in the workflow. This creates a transparency and trust problem: users may invoke a supposedly harmless audit skill without realizing it can access the shell and operate over the working tree.
