Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 91% confidence
- Finding
- The skill advertises executable shell-based behavior but does not declare permissions, which weakens user and platform visibility into what the skill can do. In a skill that also accesses credentials and sets up automation, hidden execution capability increases the chance of unintended or opaque actions being run.
