Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 88% confidence
- Finding
- The skill advertises a simple transcription capability but exposes shell execution capability without declaring corresponding permissions. This breaks the principle of least privilege and can allow unexpected command execution paths during install or runtime, reducing transparency and user consent.
